Security, Windows TCO, and Digital Restrictions/Lock-down
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).
OFAC Sanctions Russian National Ekaterina Zhdanova for Using Cryptocurrency to Launder Money on Behalf of Russian Elites and Ransomware Groups
Zhdanova employed her knowledge of cryptocurrency and connections with illicit actors around the world to launder money for Russian elites. According to OFAC, in March 2022, Zhdanova helped a Russian client launder more than $2.3 million, moving the money to Western Europe via fraudulent investment accounts and real estate purchases.
Attorney General James Secures $450,000 from Medical Company Providing Services in Western New York for Failing to Protect Patient Data
New York Attorney General Letitia James today secured $450,000 from US Radiology Specialists, Inc. (US Radiology) for failing to protect its patients’ personal and health care data. US Radiology partners with and acts as a service provider for facilities throughout the country, including the Windsong Radiology Group, which has six offices across Western New York. An investigation by the Office of the Attorney General (OAG) found that US Radiology did not prioritize upgrading its hardware, which left its network exposed to a known vulnerability, leading to a ransomware attack that affected more than 92,000 New Yorkers. As a result of today’s agreement, US Radiology has agreed to pay $450,000 in penalties to New York, update its IT infrastructure, properly secure its networks, and update its data security policies.
Aliquippa – PA, cyberattack: Hopewell Area School District is yet another victim in the education sector
This time, it’s the Hopewell Area School District (KG-12), a school district comprising 5 schools (Hopewell High School, Hopewell Memorial Junior High School, Margaret Ross Elementary, Independence Elementary, Hopewell Elementary) located in Aliquippa, Beaver County, PA, U.S., with a total of over 2,000 students according to data recorded in the 2021-2022 school year by the U.S. NCES (National Center for Education Statistics).
Data Breaches ☛ Sumo Logic alerts customers about security incident; advises rotate Sumo Logic API access keys
Sumo Logic describes themselves as providing best-in-class cloud monitoring, log management, Cloud SIEM tools, and real-time insights for web and SaaS-based apps. On November 7, they posted a notice on their website about what they identify as “a possible security incident within our platform.”
According to their notice, Sumo Logic discovered evidence of a potential security incident on November 3.
“The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted.”
Windows TCO
Hacker News ☛ SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat.
Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT.
Digital Restrictions
LWN ☛ Chamberlain v. Home Assistant
The developers of Home Assistant, which has recently been covered here, have announced that they will be removing support for Chamberlain and Liftmaster garage-door openers after being locked out by the company.
