
Tux Machines

Windows TCO (Security Failings)

Posted by Roy Schestowitz on Jun 16, 2023

XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions

=> https://www.securityweek.com/xss-vulnerabilities-in-azure-led-to-unauthorized-access-to-user-sessions/ ↺ XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions

Two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) could have led to unauthorized access to user sessions, data tampering, and service disruptions, cloud security firm Orca warns.

Energy Department among federal agencies breached by Russian ransomware gang [Ed: Microsoft, not Russia, is the problem here. They need secure systems without back doors.]

=> https://www.twincities.com/2023/06/15/energy-department-among-federal-agencies-breached-by-russian-ransomware-gang/ ↺ Energy Department among federal agencies breached by Russian ransomware gang

U.S. officials say the Department of Energy is among a small number of federal agencies compromised in a Russian cyber-extortion gang's global hack of a file-transfer program popular with corporations and governments. They say the impact is not expected to be great. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that the hacking campaign was short, opportunistic and caught quickly. A senior CISA official said neither the U.S. military nor intelligence community was affected. Known victims to date include Louisiana's Office of Motor Vehicles and Oregon's Department of Transportation.

U.S. Agencies Breached in Cyberattack by Russian Ransomware Group [Ed: Microsoft Windows TCO]

=> https://www.nytimes.com/2023/06/15/us/politics/russian-ransomware-cyberattack-clop-moveit.html ↺ U.S. Agencies Breached in Cyberattack by Russian Ransomware Group

The top U.S. cybersecurity agency said it did not have evidence that the group was acting in coordination with the Russian government.

Russian national arrested in Arizona, charged for alleged role in LockBit ransomware attacks

=> https://cyberscoop.com/lockbit-russian-national-arrested/ ↺ Russian national arrested in Arizona, charged for alleged role in LockBit ransomware attacks

LockBit, which emerged in January 2020, was the most active ransomware variant in 2022 in terms of victims claimed on the group’s data leak site, U.S. cybersecurity officials said in a June 14 advisory. Known LockBit attacks accounted for 16% of state, local, tribal and tribunal government ransomware attacks reported in the U.S. in 2022, as well as roughly 20% of known government ransomware attacks in Australia, Canada and New Zealand, the advisory said. Since January 2020 the group is associated with approximately $91 million in ransoms paid in the U.S., the advisory said.
