Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (gnutls28, iwd, libjwt, and thunderbird), Fedora (chromium, expat, mingw-expat, mingw-openexr, mingw-python3, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtquickcontrols2, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, mingw-qt5-qttranslations, mingw-qt5-qtwebchannel, mingw-qt5-qtwebsockets, mingw-qt5-qtwinextras, mingw-qt5-qtxmlpatterns, and thunderbird), Gentoo (btrbk, Glances, and GNU Aspell), Mageia (clamav and xen, qemu and libvirt), Oracle (firefox and postgresql), Red Hat (firefox, opensc, postgresql:10, postgresql:12, postgresql:13, postgresql:15, thunderbird, and unbound), SUSE (firefox, java-1_8_0-ibm, libxml2, and thunderbird), and Ubuntu (binutils, linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-oracle, linux-raspi, linux-starfive, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-azure, linux-oem-6.1, and roundcube).
-
Data Breaches ☛ loanDepot notifying 17 million customers after ransomware attack in January
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that loanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly claimed they could offer more after the weekend. But after the weekend, they reportedly never showed up again.
BlackCat also made a number of other allegations about loanDepot and its incident management, but none of those claims are readily verifiable or refuted by DataBreaches and hence, are not being repeated.
This week, loanDepot submitted a breach notification to the Maine Attorney General’s Office. That report, filed by their external counsel, indicates that 16,924,071 customers were affected by the incident.
In its letter to those affected, loanDepot writes that they discovered the incident on January 4. Investigation revealed that data had been exfiltrated between January 3 and January 5 and may have impacted consumers’ name, address, email address, financial account numbers, social security number, phone number, and date of birth.
-
Security Week ☛ Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts
US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.
-
Scoop News Group ☛ Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments
The advisory issued by the U.K.'s National Cyber Security Centre breaks down tactics and techniques from SVR hacking ops.
-
Windows TCO
-
Bitdefender ☛ The LockBit ransomware gang rears its ugly head again, after law enforcement takedown
Surprise! The LockBit ransomware group has re-emerged, just days after a high-profile law enforcement operation seized control of its infrastructure and disrupted its operations.
-
India Times ☛ Lockbit cybercrime gang says it is back online following global police bust
The group, notorious on the internet's criminal underground for using malicious software called ransomware to digitally extort its victims, was the target of an unprecedented international law enforcement operation last week which saw its members arrested and indicted.
-
Silicon Angle ☛ LockBit ransomware gang returns after being temporarily disrupted by law enforcement
News of the operation targeting LockBit first emerged Feb. 19, with further details of the operation disclosed on Feb. 20. The operation, which involved law enforcement agencies from 11 countries, did result in the arrest of two alleged LockBit members in Poland and Ukraine and the issue of international arrest warrants and indictments for a number of other alleged members.
Although it’s commendable that law enforcement agencies target online crime, arresting two members of LockBit had little effect. The group is believed to have about 20 core members and at least 100 affiliates using its ransomware.
-
The Star MY ☛ Hackers take Copenhagen Airport website offline in 'massive' attack
Passengers flying into or from the Danish capital were asked to instead use a smartphone app to get updates on their flights after the website was forced offline by what Danish news agency Ritzau reported was a denial of service attack.
-