Archived view for gemini.tuxmachines.org/n/2023/09/09/Security_Leftovers.gmi, captured on 2024-06-20 at 12:33:39.
Tux Machines
Posted by Roy Schestowitz on Sep 09, 2023
=> https://www.linuxinsider.com/story/atlas-vpn-linux-leak-exposes-users-ip-addresses-177164.html ↺ Atlas VPN Linux Leak Exposes Users’ IP Addresses
A Reddit user with the handle 'Educational-Map-8145' published a proof-of-concept exploit last week for a zero-day flaw in the Linux client of Atlas VPN. The exploit code works against the latest version of the client, 1.0.3.
=> https://siliconangle.com/2023/09/07/apple-security-updates-address-vulnerabilities-targeted-nso-group/ ↺ Apple security updates address vulnerabilities targeted by NSO Group
Apple Inc. has released urgent security updates for its suite of operating systems after revealing two critical new vulnerabilities that researchers say were exploited by Israeli spyware maker NSO Group Ltd. to install spyware on devices.
=> https://cyberscoop.com/cisa-state-hackers-aviation/ ↺ Multiple nation-state hackers infiltrate single aviation organization
A single aviation organization was infiltrated by the hackers using vulnerabilities on internet-facing devices.
=> https://www.securityweek.com/atomic-macos-stealer-malware-delivered-via-malvertising-campaign/ ↺ ‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign
A malware named Atomic macOS Stealer (AMOS) has been delivered to users via a malvertising campaign.
=> https://isc.sans.edu/diary/rss/30198 ↺ Fleezeware/Scareware Advertised via Facebook Tags Available in Apple App Store, (Thu, Sep 7th)
=> https://isc.sans.edu/diary/rss/30200 ↺ Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities, (Thu, Sep 7th)
=> https://www.securityweek.com/apple-patches-actively-exploited-ios-macos-zero-days/ ↺ Apple Patches Actively Exploited iOS, macOS Zero-Days
Apple pushes out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild.
=> https://www.securityweek.com/see-tickets-alerts-300000-customers-after-another-web-skimmer-attack/ ↺ See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack
See Tickets is informing 300,000 individuals that their payment card information was stolen in a new web skimmer attack.
=> https://www.securityweek.com/cisa-releases-guidance-on-adopting-ddos-mitigations/ ↺ CISA Releases Guidance on Adopting DDoS Mitigations
CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.
=> https://www.securityweek.com/cisco-patches-critical-vulnerability-in-broadworks-platform/ ↺ Cisco Patches Critical Vulnerability in BroadWorks Platform
Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform.
=> https://itwire.com/security/ransomware-hit-nearly-three-fourths-of-indian-firms-last-year.html ↺ Ransomware hit nearly three-fourths of Indian firms last year
More than half of these Indian companies — 53% to be exact — had forked out ransoms of up to US$500,000 (A$783,881) to end disruptions which had lasted from a day to weeks, the analyst firm added.
=> https://www.idc.com/getdoc.jsp?containerId=prAP51221023 ↺ added
It cited figures from the Computer Emergency Response Team of India which showed that 1.4 million incidents had been recorded in 2021, with slightly less (1.39 million) in 2022.
=> https://www.darkreading.com/attacks-breaches/evil-telegram-spyware-campaign-infects-60k-mobile-users ↺ 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
=> https://www.securityweek.com/rigged-software-and-zero-days-north-korean-apt-caught-hacking-security-researchers/ ↺ Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers
Google again catches a North Korean APT actor targeting security researchers with zero-days and rigged software tools.
=> https://blog.chromium.org/2023/09/unveiling-chrome-web-stores-redesign.html ↺ Unveiling the Chrome Web Store's Redesign
In celebration of Chrome’s 15th birthday, we’re thrilled to introduce the redesigned Chrome Web Store. With a user-centric focus, we’ve made it easier for you to search and find fun themes and helpful extensions to stay productive at home or at work. Let's go behind the scenes and learn more about this redesign from Chrome Product Manager Hafsah Ismail and UX Designer Crystal Wang.
=> https://blog.google/products/chrome/Google-chrome-new-features-redesign-2023/ ↺ Chrome’s 15th birthday
=> https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0 ↺ MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
=> https://www.databreaches.net/quick-note-two-more-school-districts-hit-by-cyberattacks/ ↺ Quick note: Two more school districts hit by cyberattacks
Brett Callow of Emsisoft notes that LockBit has added Skokie-Morton Grove School District 69 in Illinois to their leak site. No proof of claim was posted and no description of any data allegedly stolen was provided.
=> https://www.wcmessenger.com/articles/decatur-isd-hit-by-suspected-cybersecurity-attack/ ↺ Decatur ISD hit by suspected cybersecurity attack
DISD’s main server went down at 5:15 a.m. Tuesday. Since then, district officials have met with various experts to look into the cause of the issue. On Friday, DISD Director of Communications Robyn Jones released a statement indicating the investigation has pointed to a “cybersecurity incident.”
=> https://www.databreaches.net/coca-cola-femsa-victim-of-ransomware-attack-and-data-leak/ ↺ Coca-Cola FEMSA victim of ransomware attack and data leak
The attack involved both encrypting files and backups and exfiltrating data. TheSnake claims the encryption did not interfere with the firm’s functioning.
=> https://www.databreaches.net/schneck-medical-center-settles-indiana-attorney-generals-lawsuit-over-2021-data-breach/ ↺ Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
On June 6, the state also sued Schneck, alleging violations of HIPAA, the Indiana Disclosure of Security Breach Act, and the Indiana Deceptive Consumer Sales Act.
=> https://www.databreaches.net/rite-aid-one-of-many-victims-in-moveit-breach-sued-for-negligence/ ↺ Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31.
=> https://www.begadistrictnews.com.au/story/8342260/dymocks-warns-shoppers-of-possible-dark-web-data-breach/ ↺ Dymocks warns shoppers of possible dark web data breach
Bookstore chain Dymocks has warned customers of a possible data breach that could lead to their personal information being leaked on the dark web.
In an email sent to members on Friday, the bookseller’s managing director, Mark Newman, said a potential hack was detected two days earlier.
=> https://www.dallasnews.com/news/politics/2023/09/08/dallas-delays-release-of-report-that-reviews-ransomware-response/ ↺ Dallas delays release of report that reviews ransomware response
An internal report reviewing Dallas’ response to a ransomware attack that was planned to be published Wednesday could now have its public release delayed up to two weeks, city officials say.
The holdup could mean further delaying clarity to the public on how the cyberattack happened and what steps the city took to safeguard residents’ personal information since then.
A full after-action report was scheduled to be released to the public after a briefing on the review’s findings by information technology officials to the City Council on Wednesday, but the briefing was postponed because it was past 8 p.m. by the time the presentation was set to be heard. The City Council meeting started around 9:30 a.m., and the bulk of it was spent discussing amendments to the upcoming budget.
=> https://www.databreaches.net/more-than-a-year-later-lifeline-health-systems-notifies-75000-people-of-a-data-breach/ ↺ More than a year later, Lifeline Health Systems notifies 75,000 people of a data breach
What conditions existed that should excuse Lifeline Health Systems from its obligation under the HIPAA Breach Notification Rule to notify HHS and those affected no later than 60 days from discovery? Is this another case where maybe HHS should take enforcement action and start handing out fines and corrective action plans to make sure entities comply with the timely notification rule?
=> https://www.databreaches.net/the-blackbaud-data-breach-suspectfiles-final-chapter/ ↺ The Blackbaud data breach — SuspectFile’s final chapter
While SuspectFile closes its data collection and provides its final figures, we note that litigation against Blackbaud is ongoing. There are still multiple cases open against them stemming from the incident.
=> https://www.suspectfile.com/blackbaud-data-breach-2020-2023-the-final-chapter/ ↺ Blackbaud Data Breach (2020-2023), the final chapter
With this article on the Blackbaud Data Breach, we conclude the final chapter of a story that SuspectFile has been following for three years, but not before updating our table with the number of people involved in the data breach at the University of Birmingham – UK (464,395), a figure that was only recently provided to us by the university.
=> https://lwn.net/Articles/943990/ ↺ Security updates for Friday
Security updates have been issued by Debian (chromium, libssh2, memcached, and python-django), Fedora (netconsd), Oracle (firefox and thunderbird), Scientific Linux (firefox), SUSE (open-vm-tools), and Ubuntu (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5).
=> https://techcrunch.com/2023/09/08/polish-senate-says-use-of-government-spyware-is-illegal-in-the-country/ ↺ Polish Senate says use of government spyware is illegal in the country | TechCrunch
A Polish Senate commission concluded that the Polish government's use of spyware made by NSO Group was illegal and influenced the 2019 elections.