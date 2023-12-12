Security and Windows TCO Leftovers
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (chromium), Fedora (bluez, chromium, and curl), Red Hat (apr), Slackware (libxml2), and Ubuntu (squid3 and tar).
Data Breaches ☛ Did Akumin experience two cyber attacks in October and November? It has only acknowledged one.
On October 25, DataBreaches reported that Akumin’s ability to provide diagnostic services at some locations remained disrupted two weeks after they detected suspicious activity on their network. What they subsequently identified as a ransomware attack occurred during a time when Akumin was also dealing with bankruptcy.
National Law Review US ☛ FCC Partners With States to Increase on Privacy and Data Protection Investigations, Signaling Increased Focus on Future Enforcement
The Federal Communications Commission (“FCC”) announced Thursday that in furtherance of the work of the agency’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau signed Memoranda of Understanding (“MOU”) with the Attorneys General of Connecticut, Illinois, New York, and Pennsylvania to share expertise and resources and to coordinate efforts conducting privacy, data protection and cyber-security-related investigations. These states have been some of the most aggressive privacy and data security regulators in the past, making these MOUs especially noteworthy.
In addition, the announcement indicates that the FCC intends to rely on authority under Sections 201 and 222 of the Communications Act to increase its investigation and enforcement activity concerning privacy, data protection, and cybersecurity issues. Section 222 generally requires carriers and VoIP providers to protect their customer proprietary network information (“CPNI”), such as service-related billing information. Under the current rules implementing Section 222, carriers and VoIP providers must notify customers, the Federal Bureau of Investigation, and the U.S. Secret Service of data breaches that may have exposed CPNI. The FCC also has the authority to investigate breaches involving intentional unauthorized access to, use, or disclosure of CPNI.
Scoop News Group ☛ North Korean hacking ops continue to exploit Log4Shell [Ed: It was patched ages ago; this helps distract from many ongoing Microsoft breaches]
Two years after the Log4j vulnerability was revealed, North Korean hackers are continuing to use the flaw in a ubiquitous piece of open source software to carry out attacks as part of a hacking campaign targeting manufacturing, agricultural and physical security entities, according to research released Monday.
Carried out over the course of 2023 and described in a report released by Cisco’s Talos Intelligence Group on Monday, the campaign employed at least three new malware families and relied, in part, on the Log4Shell exploit, highlighting the long tail of the Log4j vulnerability and how failure to patch the flaw is providing a ready tool to malicious hackers.
Data Breaches ☛ Multiple Ohio schools receive threats, believed to be Russian hackers, saying bombs are in schools
So what’s the purpose of these threats? Is it to distract attention to physical security while something is going on in the network?
Purism ☛ PureBoot Not Vulnerable to UEFI Exploits (Again)
FOSSLife ☛ Greg Kroah-Hartman Explains GNU/Linux Kernel Security
At the recent Open Source Summit (OSS) Japan 2023, Greg Kroah-Hartman, GNU/Linux stable kernel maintainer and member of the kernel security team, discussed the “evolving landscape of open source software security” and explained how the GNU/Linux kernel developers' security team approaches issues, reports Steven J. Vaughan-Nichols.
Windows TCO
The Register UK ☛ 2.5M patients infected with data loss in Norton Healthcare ransomware outbreak
The not-for-profit healthcare system said it discovered the security incident, later determined to be a ransomware infection, on May 9, two days after the intrusion.
Maine ☛ Data Breach Notifications: Norton Healthcare, Inc.
Total number of persons affected (including residents): 2,500,000
