Security and Windows TCO
-
Bruce Schneier ☛ Mailbox Insecurity
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox.
-
Silicon Angle ☛ Database belonging to Builder.ai found exposing 1.29TB and 3M+ records
More than 3 million records and 1.29 terabytes of data belonging to a prominent artificial intelligence startup have been found exposed on a misconfigured clown storage system.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – December 2024
Welcome to the December 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. Lead: 2025...
-
Scoop News Group ☛ Study finds ‘significant uptick’ in cybersecurity disclosures to SEC
However, less than 10% of the disclosures addressed the material impacts of the security incidents.
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (chromium and gunicorn), Fedora (jupyterlab), Oracle (bluez, containernetworking-plugins, edk2:20220126gitbb1bba3d77, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, and unbound:1.16.2), SUSE (avahi, docker, emacs, govulncheck-vulndb, haproxy, kernel, libmozjs-128-0, python-grpcio, python310-xhtml2pdf, sudo, and tailscale), and Ubuntu (dpdk, linux-hwe-5.15, and linux-iot).
-
Windows TCO
-
YLE ☛ Cyber attack hits Valio, putting data of 5,000 at risk
This data encompasses identity numbers, salary details, and health-related information tied to benefit processing.
According to Valio, the attack was initially believed to be a ransomware incident aimed at disrupting business operations.
-
The Record ☛ US unseals complaint against Russian-Israeli accused of working for LockBit | The Record from Recorded Future News
The complaint states that U.S. authorities had already developed significant independent evidence at the time of the LockBit disruption linking Panev to a moniker used on a darknet cybercrime forum.
-
Security Week ☛ Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme
The Play ransomware group has claimed responsibility for the cyberattack that disrupted operations at donut and coffee retail chain Krispy Kreme last week.
The incident occurred on November 29, the North Carolina company said in a regulatory filing with the Securities and Exchange Commission (SEC) last week.
-
The Verge ☛ US reveals charges against alleged LockBit ransomware developer
As outlined in the complaint, Panev is accused of working as a developer for LockBit since the group first formed in 2019, helping to wage ransomware attacks on hundreds of entities around the globe, including hospitals, businesses, government agencies, and more.
-
VOA News ☛ US charges Russian Israeli dual national tied to Lockbit ransomware group
Lockbit and its malware were linked to attacks on more than 2,500 victims in at least 120 countries around the world, according to the department, including small businesses and large multinationals, hospitals, schools, critical infrastructure, government and law enforcement agencies.
Lockbit was discovered in 2020 when its eponymous malicious software was found on Russian-language cybercrime forums.
It operated a ransomware-as-a-service operation, in which a core group of developers and administrators worked with affiliates who carried out attacks. Extortion proceeds were split among the parties involved.
-
The Record ☛ Nearly 6 million people were impacted by ransomware attack on Ascension Health
Everything from records of tests received to credit card information, Social Security numbers, and passports was stolen during the hack — which forced the organization’s 140 hospitals across 19 states to operate manually for weeks.
Victims are getting two years of free identity protection services and access to a $1,000,000 insurance reimbursement policy for fraud incidents.
In total, the healthcare nonprofit said 5,599,699 people were impacted by the breach. The revelation comes after the organization said in June that the hackers accessed just seven of its 25,000 servers during the ransomware attack and likely only stole some health information and personal data belonging to “certain individuals.”
-