Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Feb 12, 2023

=> today's howtos | GNU Health Hospital Management 4.2 series released!

Urgent OpenSSL Security Advisory: High-Severity Address Type Confusion Vuln Fixed

=> ↺ Urgent OpenSSL Security Advisory: High-Severity Address Type Confusion Vuln Fixed

On February 7, 2023 OpenSSL released a security advisory regarding several security vulnerabilities that were recently discovered and fixed, including a high-severity address type confusion bug that could be exploited by attackers to read memory contents or enact a denial of service (DoS).

OpenSSL is a software library for applications that contains an open-source implementation of the SSL and TLS protocols and provides secure communications over computer networks. It is widely used by Internet servers, including the majority of HTTPS websites, making it critical that users are aware of the recent OpenSSL flaws that have been discovered, how to determine if they are at risk, and how to protect against them. That’s why we’re providing you with the information you need to know to understand and defend against the OpenSSL vulnerabilities discovered this week.

Reproducible Builds (diffoscope): diffoscope 235 released

=> ↺ Reproducible Builds (diffoscope): diffoscope 235 released

The diffoscope maintainers are pleased to announce the release of diffoscope version 235. This version includes the following changes:

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

=> ↺ Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

MTU being blackmailed and held to ransom, court hears [Ed: Microsoft Windows TCO]

=> ↺ MTU being blackmailed and held to ransom, court hears

Munster Technological University is being blackmailed and held to ransom by a group of hackers believed to be based either in Russia or part of the former Soviet Union, the High Court has heard.

The cyber attack on MTU's IT system, which was detected in recent days, is believed to have been carried out by individuals in a ransomware group known as ALPHV aka BlackCat or Noberus, the court heard.

Personal information exposed during breach in Edmonds School District's network

=> ↺ Personal information exposed during breach in Edmonds School District's network

The Edmonds School District said a "data event" is to blame for the technical problems that left the Edmonds schools without internet for nearly two weeks.

On Friday, Edmonds said an investigation by third-party forensic specialists into the data event found that an "unauthorized actor" was able to get into the school's network and view personal information between Jan. 16 and Jan. 31.

Medical records for 4,000 Garrison Women's Health patients lost: Here's what we know

=> ↺ Medical records for 4,000 Garrison Women's Health patients lost: Here's what we know

Medical records of Garrison Women’s Health patients were recently "subject to unauthorized third-party activity," according to information released Friday evening by Wentworth-Douglass Hospital.

For 4,158 patients, data such as appointment records and some personal health information cannot be restored, according to Adam Bagni, spokesperson for the hospital. The hospital states "there is no evidence" the information was viewed or taken, citing a forensic investigation by Global Network Systems, which hosted the records on its servers as the practice's technology service provider.

Cybersecurity Incident Shuts Down Biglaw Network

=> ↺ Cybersecurity Incident Shuts Down Biglaw Network

On the plus side, the cybersecurity incident at Troutman Pepper does not appear to have compromised any client data. So, in a sense, the system worked.

But as a damage recovery matter, leaving attorneys using personal email accounts and locally saved documents for over a day highlights that for all the talk about protecting data, the unheralded impact of a cyber breach tends to be leaving the firm technologically adrift for extended stretches while tech professionals perform clean up.

Reddit was hacked in a phishing attack targeting its employees

=> ↺ Reddit was hacked in a phishing attack targeting its employees

A Reddit employee's credentials were stolen in a targeted phishing attack, an administrator for the website has revealed, and hackers were able to infiltrate its systems on February 5th.

=> ↺ revealed

=> ↺ revealed

Iran celebrates 44th anniversary of Islamic revolution as TV coverage hacked

=> ↺ Iran celebrates 44th anniversary of Islamic revolution as TV coverage hacked

The Islamic Republic marked the 44th anniversary of the Iranian revolution on Saturday with state-organised rallies, as anti-government hackers briefly interrupted a televised speech by President Ebrahim Raisi.

Hackers Interrupt Raisi Speech As He Claims Iranian Protesters Have Been Defeated

=> ↺ Hackers Interrupt Raisi Speech As He Claims Iranian Protesters Have Been Defeated

In a defiant message on the anniversary of the 1979 Islamic Revolution, Iranian President Ebrahim Raisi said nationwide anti-government protests have been defeated.

=> gemini.tuxmachines.org