Security: GNU/Linux Patches and Windows Breaches

posted by Roy Schestowitz on Jan 26, 2024

• Ubuntu Fixed High-Severity QEMU Vulnerabilities

  QEMU is a widely used open-source emulator for running multiple operating systems within a virtual machine. However, recent discoveries by the Ubuntu security team have shed light on issues within QEMU, addressing a total of 14 vulnerabilities. Critical updates are available for various Ubuntu versions, including 23.10, 23.04, 22.04 LTS, and 20.04 LTS.

  This article aims to explore the details of these vulnerabilities, ensuring a comprehensive understanding to fortify your virtual environment.

• LWN ☛ Security updates for Thursday

  Security updates have been issued by Debian (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), Fedora (dotnet7.0, firefox, fonttools, and python-jinja2), Mageia (avahi and chromium-browser-stable), Oracle (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), Red Hat (gnutls, kpatch-patch, php:8.1, and squid:4), SUSE (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, tomcat10, and xwayland), and Ubuntu (paramiko and puma).

• AdaCore Enhances GCC Security with Innovative Features

  In a significant stride towards bolstering the security of the open-source ecosystem, AdaCore has recently contributed a set of security hardening features to the GCC project (GNU Compiler Collection). These features, designed to fortify the software produced by GCC against various cyber threats, highlight our commitment to advancing the field of secure programming and our 30+ years of contributing to the open-source software development ecosystem.

• Data Breaches ☛ Interview with the Knight Group, the heir of Cyclops

  Of note, Knight recently imposed new rules prohibiting affiliates from attacking non-profit hospitals and government entities. They do not explain why they have imposed those rules, though.

• Bleeping Computer ☛ Russian TrickBot malware dev sentenced to 64 months in prison

  Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.

  According to court documents, the 40-year-old individual (also known as FFX) was the one who oversaw the development of the malware’s browser injection component.

• ICOUK ☛ South Tees Hospitals NHS Foundation Trust reprimanded for “serious, harmful” data breach

  Under data protection law, organisations must have appropriate technical and organisational systems in place to ensure personal data is kept safe and not inappropriately disclosed to others.

  South Tees Hospitals NHS Foundation Trust should now implement new standard operating procedures and provide further staff training to ensure data is protected and reduce possibility of future disclosures in error.

• WA Appeals Court To Hear Data Breach Lawsuit Against CDHD

  The Washington Appeals Court will hear a case from two people suing Chelan Douglas Health District over a security breach.

  The Health District reported a breach in July of 2021 but did not inform possible victims or the public until March 2022.

  The district said Social Security numbers, dates of birth or death, financial account information and personal medical data was removed from their site in the breach.

• Bleeping Computer ☛ HPE: Russian hackers breached its security team’s email accounts [Ed: Trying to blame "Russia" for everything]

  Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.

  Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be part of Russia’s Foreign Intelligence Service (SVR). The threat actors have been linked to multiple attacks throughout the year, including the infamous 2020 SolarWinds supply chain attack.

• St Vincent’s Health says there is ‘no evidence’ sensitive personal information was stolen by hackers in cyber attack

  Cyber security company CyberCX were engaged to look into the activity of the cyber criminals and whether documents such as medical records and Medicare cards had been taken.

• Data Breaches ☛ Current Issues In Data Breach Class Action Settlements

  You can read their article on The National Law Review. The issues they identify are interesting. None of them, though, concern whether a proposed settlement provides adequate improvements or remedies for data security policies or practices that contributed to the data breach.

• Data Breaches ☛ K-12 Cybersecurity Spending, Insurance on the Rise

  But the responses to the question, “Which of the following vendor cybersecurity practices does your district evaluate or require (select all that apply)?” were somewhat chilling. Is it any wonder some vendors feel that they can get away with not deploying appropriate security when there is no loss of clients because no one is checking on them?