Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (gstreamer1.0), Fedora (jupyterlab and python-notebook), Oracle (gimp:2.8.22, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, php:8.2, postgresql, and python3.11), SUSE (aws-iam-authenticator, firefox, installation-images, kernel, libaom, libyuv, libsoup, libsoup2, python-aiohttp, socat, thunderbird, and vim), and Ubuntu (curl, Docker, imagemagick, and kernel).
-
Windows TCO
-
Security Week ☛ US Water Facilities Urged to Secure Access to Internet-Exposed HMIs
According to a new fact sheet (PDF) from the Environmental Protection Agency (EPA) and the US cybersecurity agency CISA, exposed HMIs in water and wastewater systems could allow threat actors to access information about or tamper with industrial control systems (ICS).
“Threat actors have demonstrated the capability to find and exploit internet-exposed HMIs with cybersecurity weaknesses easily. For example, in 2024, pro-Russia hacktivists manipulated HMIs at water and wastewater systems, causing water pumps and blower equipment to exceed their normal operating parameters,” the two agencies say.
-
Security Week ☛ Texas Tech University Data Breach Impacts 1.4 Million People
Interlock was initially detailed in September, targeting organizations in the healthcare, government, manufacturing, and technology sectors in the US and Europe, engaging in double-extortion tactics and lingering in victims’ networks for weeks before deploying file-encrypting ransomware.
However, Interlock is not the only ransomware group to claim an attack on Texas Tech University. In July, the Meow ransomware group was offering for sale five SQL databases allegedly containing emails, passwords, and other sensitive information from the university, along with a security vulnerability affecting the institution’s website.
-
Scoop News Group ☛ Clop is back to wreak havoc via vulnerable file-transfer software
Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software. The vulnerabilities, which affected Cleo’s LexiCom, VLTrader, and Harmony products, have led to worries that sensitive data across various industries could be swiped by the group in a repeat of some of the most damaging security incidents of the past few years.
-
Cyble Inc ☛ Telecom Namibia Cyberattack: 400,000 Files Leaked
The cyberattack on Telecom Namibia was allegedly carried out by a notorious ransomware group known as Hunters International. This ransomware-as-a-service operation was able to exfiltrate 626.3GB of data, including 492,633 files, before threatening to release the stolen information unless their ransom demands were met, reported the New Era newspaper.
Once the ransom deadline passed, hundreds of sensitive customer records, including personal identification details, addresses, and banking information, were leaked and began circulating on social media.
-
Enterprise Security Tech ☛ Rhode Island’s Public Assistance System Breached by Brain Cipher Ransomware Attack
Brain Cipher, a ransomware group that surfaced in June 2024, has quickly become a formidable player in the cybercrime landscape. Leveraging tools like the leaked LockBit 3.0 ransomware builder, the group is known for sophisticated, double-extortion tactics, which combine data theft with system encryption.
-
Nexstar Media Group Inc ☛ Ransomware group Brain Cipher behind RI cyberattack; claims 1 TB of data stolen
At the time, Deloitte quickly told news outlets that its own internal systems hadn’t been breached, though one of its clients’ systems had. But it wasn’t until Monday, when Target 12 asked directly, that the company confirmed Brain Cipher had compromised RIBridges.
-
The Register UK ☛ Deloitte handling 'major' cyberattack on Rhode Island system
RIBridges is the online portal through which Rhode Islanders apply and determine their eligibility for social services and benefits. Deloitte notified the state of a "major security threat" to the system on Friday, December 13.
-
PC World ☛ Windows Outlook app is having login troubles, throws up an error code
Outlook has been experiencing problems on Windows 10 and Windows 11 computers for days now, probably starting as early as December 2nd. It’s been reported by affected users across various forums and in Microsoft’s Feedback Hub that when users try to log into Outlook, the app issues error code 0x80049dd3.
-
Confidentiality
-
University of Toronto ☛ We have an unusual concern when we use Let's Encrypt
One of the bits of recent TLS news is that Let's Encrypt is going to start offering 6-day TLS certificates. When I was thinking about my reaction to this, I realized that we have some unusual concerns that make me more nervous than average about getting Let's Encrypt TLS certificates with such short lifetimes.
-
SequoiaPGP ☛ Blog - Sequoia PGP: A Sapling Matures: Meet sq 1.0
The Sequoia PGP team is happy to announce the release of version 1.0 of sq. sq is a command-line tool for working with OpenPGP artifacts with a focus on usability, security, and robustness.
After seven years of development, this is sq’s first stable release. A notable change for existing users of sq is that we will no longer change sq’s CLI in an incompatible manner.