Security Leftovers, FUD, and Microsoft/Windows TCO

posted by Roy Schestowitz on Apr 21, 2024

• Valley Mountain Regional Center discloses a breach, but are patients still in the dark?

  In November 2021, Valley Mountain Regional Center (VMRC) notified HHS that multiple employees were the victims of a phishing scheme that compromised the protected health information (PHI) of 17,197 individuals. They notified HHS, affected individuals, media, and provided substitute notice. HHS reports, “In its mitigation efforts, the Business Associate strengthened its technical safeguards to better protect PHI. OCR provided technical assistance to them.”

  But in August 2023, when VMRC discovered another breach, they did not promptly notify HHS, regulators, or patients. DataBreaches’ worksheet for the month noted that the ransomware group known as Karakurt had added VMRC to their leak site in early August. But there was no disclosure by VMRC at the time or since then, it seems — until now.

• The Straits Times ☛ Sg: App managing student devices in 127 schools hacked; names and e-mail addresses leaked: MOE

  The names and e-mail addresses of parents and teachers of 127 primary and secondary schools were leaked after a mobile platform on students’ personal learning devices was hacked, said the Ministry of Education (MOE) on April 19.

  The Mobile Guardian app, which is installed on personal learning devices including Chromebook laptops and Apple’s iPad tablets, helps parents manage their children’s device use and restrict specific websites, apps and screen time.

  Mobile Guardian’s user management portal was compromised at its headquarters by an incident of unauthorised access, which led to the leak of names and e-mail addresses of parents and teachers from five primary schools and 122 secondary schools, said MOE in a statement on its website. The figure means around a third of all primary and secondary schools in Singapore were affected by this leak.

• Europol ☛ International investigation disrupts phishing-as-a-service platform LabHost

  This week, law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure.

• TechTarget ☛ Cisco charts new security terrain with Hypershield

  Initially, Hypershield protects software, VMs and containerized applications running on Linux. Cisco's ambition is to eventually broaden its reach.

• TechTarget ☛ 3 Keycloak authorization strategies to secure app access

  Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access.

• Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

  • Computer Weekly ☛ More social engineering attacks on open source projects observed [Ed: Microsoft staff shifts attention away from Microsoft getting cracked again?]

    In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks

• Windows TCO

  • SCMP ☛ Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack

    Department of Health says initial investigation finds cyberattack on Union Hospital did not lead to any patient data or medical services being compromised

• Programming/Development

  • Ruben Schade ☛ The idea of memory-safe programming in context

    I’ve been watching the current debate over memory-safe programming with interest. On the one have you have Rust and Go advocates talking about the need to replace C with its buffer overflows and other security problems, and on the other you have different fingers.