Security Leftovers
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Fedora (firefox), Oracle (kernel, kernel-container, and nss), and SUSE (curl, dpdk, drbd, go1.18, kernel, openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils, oracleasm, python3, slirp4netns, and xen).
-
Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA [Ed: Microsoft Windows TCO]
Ransomware and data related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says.
-
Spain Needs More Transparency Over Pegasus: EU Lawmakers
Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said.
-
Malware Trends: What’s Old Is Still New [Ed: They target Microsoft and it's very easy (there are even back doors in there)]
Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it.
-
Privacy Commissioner Steps Away From Cyber Attack Investigation
Privacy Commissioner Michael Harvey has stepped away from further involvement in his office’s investigation into the 2021 cyber attack on the health care system.
Revelations about government seeking a court ruling on a potential conflict of interest with Harvey was a topic during question period in the House of Assembly yesterday.
Harvey is a former assistant deputy minister of health and was on the board of the Newfoundland and Labrador Centre for Health Information before being appointed as Privacy Commissioner.
-
CISA Expands Cybersecurity Committee, Updates Baseline Security Goals [Ed: But it's reports are shadow-written by Microsoft moles]
CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals.
-
Skylink hit by [cra]cker attack
M7 Group’s Czech and Slovak operator Skylink has fallen the victim of a hacker attack.
In a note published on the Skylink CZ’s Facebook page, the operator said: “We apologise, currently we have reported a system outage (web, customer zone) due to a hacker attack. We are working intensively on the repair. We thank you for your understanding”.
-
South Korea fines McDonalds for data leak from raw SMB share
-
McDonald's Korea fined 696 mln won for breach of customers' personal data
McDonald's Korea was given a fine of 696 million won (US$532,110) on Wednesday after the personal data of 4.87 million customers was leaked to hackers due to the firm's lax data management.
The Personal Information Protection Commission handed out the fine to the Korean branch of the American fast food chain, along with a financial penalty of about 10 million won for the data breach.
-
WB Area CTC administrative director discusses cyber attack
-
Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices
Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, recently published a paper on USENIX Security 2023 that demonstrates a novel inaudible voice trojan attack to exploit vulnerabilities of smart device microphones and voice assistants — like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana — and provide defense mechanisms for users.
-
NYC Special Needs Students' Records Found Exposed on Web
Nearly 50,000 documents containing personal information of special education students who live in New York City and attend public school there were recently found
-
Former GOP Senate candidate livid after Air Force failed to notify him about release of his military records
Former Colorado GOP Senate candidate Robert “Eli” Bremer is livid over the Air Force’s failure to notify him about the branch’s improper release of his military records, which he first learned about from a reporter who was covering the latest developments in the problematic story for the Defense Department.
Speaking to Fox News Digital on Wednesday, Bremer, a former Olympian who sought the GOP nomination for Senate in Colorado last year, said he was first notified about the incident by a Politico reporter who sought comment from him about the Air Force’s admission that it had leaked his records to Due Diligence Group, a Democratic Party-aligned research firm.
-
Stung by Free Decryptor, Ransomware Group Embraces Extortion [Ed: Ransomware articles almost always fail to mention "Microsoft" and "Windows"]
Not all ransomware groups wield crypto-locking malware. Some have adopted other strategies. Take BianLian. After security researchers released a free decryptor for its malware, instead of encrypting files, the group chose to steal them and demand ransom solely for their safe return.
-
Cannabis regulators putting out ‘a series of fires’ involving a Russian oligarch and data breach
Thousands of employees in the Massachusetts cannabis industry received an official email last week about a major data breach: the name, home and email address, phone number and date of birth of every cannabis worker in the state had been made public in an “inadvertent release of agency documents” by the state’s own Cannabis Control Commission. Along with the names and personal information, the dataset included a list of former employees and the specific reasons they were no longer associated with the marijuana company, including alleged violations of company policy.
-
Fact or fiction, hacktivists’ claims of industrial sabotage in Russia or Ukraine get attention online
Hacktivist are increasingly turning towards targeting operational technology in critical infrastructure systems.
-
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
-
Chrome 111 Update Patches High-Severity Vulnerabilities
The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.
-
High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software.
-
BreachForums Shut Down Over Law Enforcement Takeover Concerns
The popular cybercrime forum BreachForums is being shut down following the arrest of Conor Brian Fitzpatrick, who is accused of running the website.