Security Leftovers

posted by Roy Schestowitz on Mar 21, 2024

• Scoop News Group ☛ White House, EPA warn water sector of cybersecurity threats

  The EPA is also convening a task force to take on some of the challenges facing the sector around cybersecurity efforts.

• Security Week ☛ Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

  Mintlify announces vulnerability disclosure program after a data breach exposed 91 customer GitHub tokens.

• SANS ☛ Attacker Hunting Firewalls, (Tue, Mar 19th)

  Firewalls and other perimeter devices are a huge target these days. Ivanti, Forigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new victims. However, being and access broker or ransomware peddler is challenging: The competition for freshly deployed vulnerable devices, or devices not patched for the latest greatest vulnerability, is immense. Your success in the ransomware or access broker ecosystem depends on having a consistently updated list of potential victims.

• Hong Kong Free Press ☛ Hong Kong’s South China Athletic Association investigates data hack, 70,000 data subjects affected

  The South China Athletic Association (SCAA) is investigating a leak of members’ personal data, it said on Monday, as the privacy watchdog’ office warned that around 70,000 data subjects had been affected. The non-profit sports organisation said that names, birthdays, HKID numbers and correspondence addresses had been breached.

• Security Week ☛ UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack

  UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.

• Security Week ☛ Aiohttp Vulnerability in Attacker Crosshairs

  A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.

• Security Week ☛ Misconfigured Firebase Instances Expose 125 Million User Records

  A weakness in a Firebase implementation allowed researchers to gain access to names, phone numbers, email addresses, plaintext passwords, confidential messages, and more.

• Federal News Network ☛ Negotiators race to finish government funding bills after reaching deal on Homeland Security bill

  Negotiators from Congress and the White House are scrambling to complete work on funding government agencies for the fiscal year and avoid a partial shutdown that could begin this weekend. Lawmakers passed the first portion of spending bills in early March, funding about 30% of the government.

• Security Week ☛ Chinese APT Hacks 48 Government Organizations

  Earth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide.

• Security Week ☛ Nations Direct Mortgage Data Breach Impacts 83,000 Individuals

  Nations Direct informs 83,000 individuals that their personal information was compromised in a data breach.

• Latvia ☛ Latvian government agrees on major cyber security update

  On Tuesday, March 19, the Latvian Cabinet of Ministers approved the draft law "National Cyber ​​Security Law". The purpose of the draft law is to strengthen cyber security in Latvia, as well as to introduce the revised requirements of the European Union Network and Information Systems Security Directive (NIS2) to achieve a uniformly high level of cyber security throughout the European Union.

• Dark Reading ☛ Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyberattacks

  Russian state hackers are performing targeted phishing campaigns in at least nine countries spread across four continents. Their emails tout official government business and, if successful, threaten not just sensitive organizational data, but also geopolitical intelligence of strategic importance.

  Such a sophisticated, multi-pronged plot could only be wrought by a group as prolific as Fancy Bear (aka APT28, Forest Blizzard, Frozenlake, Sofacy Group, Strontium, UAC-028, and many more aliases still), which IBM X-Force tracks as ITG05 in a new report.

  Besides the convincing government-themed lures and three new variants of custom backdoors, the campaign stands out most for the information it targets: Fancy Bear appears to be aiming for highly specific information of use to the Russian government.

• Public notice of break-in at Whitehorse Victim Services office

  The Government of Yukon is reporting a break-in that occurred at the Whitehorse Victim Services office sometime between the evening of March 15 and the morning of March 16, 2024.

  The Whitehorse detachment of RCMP “M” Division is investigating the break-in and the Department of Justice is following the appropriate procedures to respond to the privacy breach affecting confidential files that contain sensitive personal information.

  Confidential files and other items have been accessed. Individuals who have obtained services through Victim Services may be affected, as may other individuals who may be referenced in victims’ files. It is still unclear the extent to which confidential information may have been compromised. Files that may have been accessed often include individuals' names, contact information and birthdates, as well as information about legal proceedings. Some such files contain additional personal information, as do some cell phones that were stolen.