Tux Machines
Posted by Roy Schestowitz on Jun 16, 2023
=> https://www.securityweek.com/xss-vulnerabilities-in-azure-led-to-unauthorized-access-to-user-sessions/ ↺ XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions
Two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) could have led to unauthorized access to user sessions, data tampering, and service disruptions, cloud security firm Orca warns.
=> https://www.twincities.com/2023/06/15/energy-department-among-federal-agencies-breached-by-russian-ransomware-gang/ ↺ Energy Department among federal agencies breached by Russian ransomware gang
U.S. officials say the Department of Energy is among a small number of federal agencies compromised in a Russian cyber-extortion gang's global hack of a file-transfer program popular with corporations and governments. They say the impact is not expected to be great. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that the hacking campaign was short, opportunistic and caught quickly. A senior CISA official said neither the U.S. military nor intelligence community was affected. Known victims to date include Louisiana's Office of Motor Vehicles and Oregon's Department of Transportation.
=> https://www.nytimes.com/2023/06/15/us/politics/russian-ransomware-cyberattack-clop-moveit.html ↺ U.S. Agencies Breached in Cyberattack by Russian Ransomware Group
The top U.S. cybersecurity agency said it did not have evidence that the group was acting in coordination with the Russian government.
=> https://cyberscoop.com/lockbit-russian-national-arrested/ ↺ Russian national arrested in Arizona, charged for alleged role in LockBit ransomware attacks
LockBit, which emerged in January 2020, was the most active ransomware variant in 2022 in terms of victims claimed on the group’s data leak site, U.S. cybersecurity officials said in a June 14 advisory. Known LockBit attacks accounted for 16% of state, local, tribal and tribunal government ransomware attacks reported in the U.S. in 2022, as well as roughly 20% of known government ransomware attacks in Australia, Canada and New Zealand, the advisory said. Since January 2020 the group is associated with approximately $91 million in ransoms paid in the U.S., the advisory said.