Security and Windows TCO Leftovers

posted by Roy Schestowitz on May 29, 2024

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by Debian (less), Mageia (chromium-browser-stable), SUSE (apache2, java-1_8_0-openj9, kernel, libqt5-qtnetworkauth, and openssl-3), and Ubuntu (netatalk and python-cryptography).

• Bruce Schneier ☛ Lattice-Based Cryptosystems and Quantum Cryptanalysis

  Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms.

• Internet Archive ☛ Internet Archive and the Wayback Machine under DDoS cyber-attack | Internet Archive Blogs

• Krebs On Security ☛ Treasury Sanctions Creators of 911 S5 Proxy Botnet

  The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

• Windows TCO

  • The Record ☛ Ransomware attack on Seattle Public Library knocks out online systems

    A ransomware attack on the Seattle Public Library has brought services to a halt — knocking out the wireless network, computers for staff and patrons, and the entire online catalog.

    The incident began on Saturday, the organization said in a statement on Monday afternoon. The library has 27 different branches serving nearly 800,000 residents.

  • Cyble Inc ☛ Cencora Data Breach Far More Widespread Than Earlier Thought

    The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical giants including Novartis and GlaxoSmithKline disclose personal and health information data leaks stemming from the February breach incident.

    Cencora Inc., formerly recognized as AmerisourceBergen, and its Lash Group affiliate announced in a February filing with the Securities and Exchange Commission (SEC) that the company faced a cybersecurity incident where “data from its information systems had been exfiltrated.”

  • Modern Diplomacy ☛ Need of Digital Rights Protection/ Social Media Regulation in Pakistan

    In Pakistan, the alarming surge of data breaches across both public and private sectors is a matter of serious concern. To cater to these breaches Pakistan aims at establishing a Digital Rights Protection Authority with a mandate to oversee social media platform in Pakistan. For that purpose, the government has already initiated a consultation process with all the stakeholders. The main idea driving the establishment of the Digital Rights Protection Authority is to advise the government on issues related to digital rights of actors in a digitally connected global world, promote responsible Internet usage and ensure compliance with regulations. It will also cater ways for investigation of any violations of social media laws.

  • Security Week ☛ Christie's Confirms Data Breach After Ransomware Group Claims Attack

    While the incident prevented potential buyers from viewing the auctioned items on Christie’s site, people could still make bids and the event was considered a success.

    It now appears that the incident was the result of an attack conducted as part of a relatively new ransomware operation named RansomHub.

  • The Record ☛ RansomHub claims attack on Christie’s, the world’s wealthiest auction house

    A listing on RansomHub’s darknet extortion site includes what the criminals say are samples of data stolen from Christie’s, the world’s largest auction house by revenue whose clients include some of the world’s wealthiest art collectors.

    Earlier this month, the company’s chief executive, Guillaume Cerutti, announced the company had taken its website offline due to what it described as a “technology security incident.”

  • Cyble Inc ☛ RansomHub Claims Cyberattack On Christie's Auction House

    The RansomHub ransomware gang has now claimed responsibility for the attack on its leak site, stating that it had compromised about 2GB of data from the the auction giant during the initial network compromise.

  • Rapid7 LLC ☛ Javs Viewer: CVE-2024-4978: Backdoor Discovered in JAVS Viewer

    Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action. This version contains a backdoored installer that allows attackers to gain full control of affected systems. **Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials.** Users should install the latest version of JAVS Viewer (8.3.8 or higher) **after** re-imaging affected systems. These findings were identified through an investigation performed by Rapid7 analysts.

  • Security Week ☛ ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack

    “Research by external security experts working for AddComm should identify exactly what data has been stolen. Our priority now is to inform our own clients and take measures to minimize the impact of this data breach as far as possible,” ABN Amro said in an incident notice.

  • Security Week ☛ Data Stolen From MediSecure for Sale on Dark Web

    Australian digital prescription services provider MediSecure has confirmed that data allegedly stolen in a recent ransomware attack is being offered for sale on the dark web.