Security Leftovers
-
LinuxSecurity ☛ The Critical Importance of Prioritizing Memory Safe Programming Languages
The importance of prioritizing memory-safe programming languages has never been greater. Using memory-safe programming languages such as Python, Java, C#, Go, Rust, and Swift offers significant security advantages for admins and programmers, while avoiding the vulnerabilities associated with memory-unsafe languages like C++.
-
LinuxSecurity ☛ The Rise of GNU/Linux Ransomware Targeting IoT Devices: Implications & Considerations
Ransomware targeting GNU/Linux systems is a growing threat, particularly in IoT ecosystems. Cybersecurity analysts are presenting live forensic techniques to detect ransomware infections on GNU/Linux machines. Let's examine GNU/Linux ransomware's unique challenges and its potential impact on the IoT industry.
-
Scoop News Group ☛ CISA faces resource challenge in implementing cyber reporting rules
The Cybersecurity and Infrastructure Security Agency’s reporting requirements represent a sea change for when private entities will have to report cybersecurity incidents.
-
OpenSSL Vulnerabilities Patched in Ubuntu 18.04
Several security vulnerabilities were discovered in OpenSSL, a critical library for securing communication across the internet. These vulnerabilities could be exploited by attackers to launch denial-of-service (DoS) attacks, potentially disrupting critical services. The Ubuntu security team has swiftly responded by releasing security updates for different Ubuntu releases, including Ubuntu 16.04 and Ubuntu 18.04.
-
Ernest Health rehabilitation hospitals notify patients of ransom attack in January (1)
The attack resulted in access to patient data that included names and at least one of “addresses, birth dates, medical record numbers, health insurance plan member IDs, claims data, diagnosis and/or prescription information. For some patients, this information may have included their Social Security and/or driver’s license numbers.”
-
Bloomberg ☛ Proposed CorrectCare Breach Settlement Rejected Over Equitable Treatment
A proposed $6.49 million settlement of a lawsuit alleging that CorrectCare Integrated Health LLC failed to protect the personal information of 647,000 people in a January 2022 data breach was rejected by a federal court.
Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates failed to show in their motion for settlement approval that the relief provided for in the deal was adequate and that the agreement was fair to class members without documented losses from identity theft, Judge Danny C. Reeves, of the US District Court for the Eastern District of Kentucky, said Monday.
-
TechCrunch ☛ Indian government’s cloud spilled citizens’ personal data online for years
The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to access.
At fault was the Indian government’s cloud service, dubbed S3WaaS, which is billed as a “secure and scalable” system for building and hosting Indian government websites.
-
No need to hack when it’s leaking, Wednesday edition: Eyecare Services Partners exposed more than 2 million patients’ SSN – researcher
EyeCare Services Partners (ESP) is a private company with a network of ophthalmologic, optometric and ambulatory surgery centers. It is headquartered in Dallas, Texas. On February 9, an IT student who was searching the internet for exposed datasets noticed that ESP had an unsecured blob listed on GrayhatWarfare. Due to other work, “JLT” (as he has asked to be called on this site) did not start really investigating the leak until March 1.
-
Indiana-based Otolaryngology Associates, LLC notifies 316,802 patients about February cyberattack
Otolaryngology Associates, LLC (OA) has 13 locations throughout Indiana in Indianapolis, Greencastle, Greenfield, Kokomo, Noblesville, and Carmel. On April 1, the ENT (ears, nose, throat) practice notified the U.S. Department of Health and Human Services of a data breach that affected 316,802 patients.
According to a notice on its website, OA became aware of the cyberattack on February 17. OA and its vendor responded quickly to try to stop the attack, and OA reports that it was never locked out of its systems.
-
Live Forensic Techniques To Detect Ransomware Infection On Linux Machines
There were 24 major execution experiments performed with retest across 12 combinations, involving three samples of ransomware on two Linux OS with two permission levels.