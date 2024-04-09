Security Leftovers
IT Wire ☛ Suspected Russian hack of Abusive Monopolist Microsoft also affected govt systems
A suspected Russian intrusion into Microsoft's corporate systems, which was disclosed in January, also affected US federal government systems, according to the US Cybersecurity and Infrastructure Security Agency.
Xe's Blog ☛ "No way to prevent this" say users of only language where this regularly happens
In the hours following the release of CVE-2024-2511 for the project OpenSSL, site reliability workers and systems administrators scrambled to desperately rebuild and patch all their systems to fix a memory leak that allows for unbounded growth when using a non-default TLSv1.3 configuration.
Open Source Security (Audio Show) ☛ Josh Bressers: Episode 423 – FCC cybersecurity label for consumer devices
Josh and Kurt talk about a new FCC program to provide a cybersecurity certification mark. Similar to other consumer safety marks such as UL or CE. We also tie this conversation into GrapheneOS, and what trying to claim a consumer device is secure really means.
More Woes for Change Healthcare and Patients
Four months after law enforcement took down AlphV’s leak site and disrupted their operations, AlphV has not recovered.
The damage from law enforcement in December was one factor. Then, in March, a self-described affiliate claimed that AlphV had gotten a $22 million payment from Change Healthcare OPTUM but had taken the money, suspended the affiliate’s account, and kept all the money for themselves. The affiliate claimed that AlphV had locked the target, but it was the affiliate who had exfiltrated the data. The affiliate was quite clear that they still had Change Healthcare’s data.