Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).
-
Security Week ☛ UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion
U.N. experts are investigating 58 suspected North Korean cyberattacks valued at approximately $3 billion, with the money reportedly being used fund development of weapons of mass destruction.
-
IT Jungle ☛ IBM Patches New Security Vulns In I.B.M. i Components, Power Firmware
IBM has patched a series of moderate security vulnerabilities in I.C.B.M. i products and Power firmware over the past two weeks. The I.B.M. i flaws span Rational Developer for i (RDi), Access Client Solutions (ACS), and the Java development kit and runtime, while the Power flaw involves PowerVM and its communications with the Hardware Management Console (HMC).
-
[Windows TCO] Graham Cluley ☛ 20+ hospitals in Romania hit hard by ransomware attack on IT service provider
-
Data Breaches ☛ Data breach of two third-party payment operators affects more than 33 million in France: CNIL opens an investigation
The CNIL was informed by Viamedis and Almerys of the computer attack to which they were victims at the end of January. These operators, who manage third-party payment for complementary health insurance, saw the data necessary for their missions be compromised during this breach.
In total, this data leak concerns more than 33 million people. The data concerned are, for policyholders and their families, marital status, date of birth and social security number, the name of the health insurer as well as the guarantees of the contract taken out.
Data such as banking information, medical data, health reimbursements, postal details, telephone numbers or even emails would not be affected by the violation.