Security and Windows TCO
-
How Automated Linux Patching Boosts Healthcare Security
These days, healthcare organizations are increasingly relying on advanced technologies like electronic health records (EHRs), telemedicine platforms, and internet-connected medical devices (IoMT) to provide better care, streamline operations, and enhance patient outcomes. However, this digital transformation has come at a cost – healthcare organizations are now prime targets for cyberattacks.
Sensitive patient data and critical medical systems are at risk, making robust cybersecurity measures a non-negotiable priority. One crucial element of these measures is automated Linux patching. By proactively addressing vulnerabilities, this approach significantly strengthens the security posture of healthcare organizations relying on Linux-based systems.
-
Android Headlines ☛ ARM's 'TIKTAG' attack affects Google Chrome and Linux systems
Recently, a team of Korean researchers from Samsung, Seoul National University, and Georgia Institute of Technology have tested a new speculative execution attack called TIKTAG. Quite surprisingly, this specially designed attack targets ARM’s Memory Tagging Extension allowing data leakage with a success rate higher than 95%. The practical implications of this discovery are significant as it enables hackers to bypass key protection mechanisms against memory corruption.
-
Cyble Inc ☛ Linux Malware Uses Discord Emojis To Communicate With Attackers
The malware then downloads the next-stage payload, named vmcoreinfo, from a remote server, clawsindia[.]in. The payload is an instance of the DISGOMOJI malware and is dropped in a hidden folder named .x86_64-linux-gnu in the user’s home directory.
DISGOMOJI, a UPX-packed ELF written in Golang, uses Discord for C2. “An authentication token and server ID are hardcoded inside the ELF, which are used to access the Discord server,” they wrote. “The malware creates a dedicated channel for itself in the Discord server, meaning each channel in the server represents an individual victim. The attacker can then interact with every victim individually using these channels.”
-
Cybersecurity News: CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware [Ed: Citing Microsofters in Microsoft site to associate "Linux" with "malware"]
-
Wired ☛ Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake
Furthermore, in the blog post written by Mandiant, which was published after the hacker told WIRED about his group’s use of data harvested by infostealers, the security firm revealed that the hackers who breached Snowflake accounts used old data siphoned by infostealers to access some of the accounts. Mandiant said that about 80 percent of the victims it identified in the Snowflake campaign were compromised using credentials that had previously been stolen and exposed by infostealers.
-
Silicon Angle ☛ Ransom demands issued to Snowflake users amid alleged third-party contractor breach
The alleged attack path is said to have involved ShinyHunters compromising a company called EPAM Systems Inc., a New York Stock Exchange-listed company with a market cap of $10.11 billion as of the close of regular trading today. EPAM specializes in software engineering services, digital platform engineering and digital product design.
-
Windows TCO
-
Bitdefender ☛ Convicted BEC scammer could face over 100 years in prison
By posing as trusted senders, such as a bank or vendor, Umeti and his co-conspirators are alleged to have targeted and hacked numerous organisations in the United States for substantial amounts. This allegedly included siphoning US $571,000 from a New York wholesaler and US $400,000 from a Texan metal supplier.
Umeti and his alleged accomplices, Franklin Ifeanyichukwu Okwonna from Nigeria and Mohammed Naji Mohammedali Butaish from Saudi Arabia, used a mixture of phishing attacks and malware to gain unauthorised remote access to compromised computers inside targeted companies.
-
The Register UK ☛ NHS boss says Scottish trust didn't meet attackers' demands
"In February this year, NHS Dumfries and Galloway was the victim of a targeted attack by cybercriminals," said Julie White, chief exec at NHS Dumfries and Galloway, in the letter [PDF]. "This did not interrupt the care provided to patients, and no data on our systems was deleted or changed. However, the criminals were able to access and copy large amounts of patient and staff-identifiable data.
"When their demands weren't met, they published the stolen files onto the internet on May 6, 2024. We are advising people in Dumfries and Galloway that the best approach to take is to assume that some data relating to you is likely to have been copied and published.
-
Cyble Inc ☛ Akira Ransomware Claims TETRA Technologies Cyberattack
The threat actor behind this attack, Akira ransomware, has emerged as a significant threat in cybersecurity, highlighted by the Cybersecurity and Infrastructure Security Agency (CISA) warning and its widespread impact across various industries worldwide.
-
The Record ☛ Cleveland confirms ransomware attack as City Hall remains closed
Signal Cleveland reported that wireless internet is still down at City Hall and Wi-Fi hotspots have been distributed so that employees can continue working. Despite the outages, employees were paid this week, the news outlet reported.
Officials urged those in need of birth or death certificates to submit applications online or go to City Hall offices in Parma and Lakewood. The statement did not say when systems will be fully restored.
-
Cyble Inc ☛ MEDUSA Ransomware Targets US School And Accounting Firm
In a scenario mirroring all of its previous attacks, the group has not divulged critical information, such as the type of compromised data.
It has, however, demanded a bounty of US $120,000 from Fitzgerald, DePietro & Wojnas CPAs, P.C and $100,000 from Tri-City College Prep High School to stop leaking internal data of the concerned organizations.
-
YLE ☛ Paper: Finland sees record number of data breach reports in 2023
Uutissuomalainen further reported that the number of reports submitted to the Ombudsman has increased every year since the EU's General Data Protection Regulation (GDPR) placed an emphasis on organisations and companies to report suspected data breaches.
-