Tux Machines

Security: Fortinet, Coinbase, Bash, and Breaches

Posted by Roy Schestowitz on Feb 21, 2023,

updated Feb 21, 2023

=> Devices: STM32G4, ODROID-H3+ SBC, Sparkfun NanoBeacon, and Raspberry Pi | today's howtos

Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb

=> ↺ Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb

Fortinet releases 40 security advisories to inform customers about patches, including for critical code execution vulnerabilities in FortiNAC and FortiWeb.

Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks

=> ↺ Coinbase Attack Linked to Group Behind Last Year’s Twilio, Cloudflare Hacks

Coinbase was recently targeted in a sophisticated phishing attack and the cryptocurrency exchange linked the hack to the 0ktapus group.

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

=> ↺ ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

API security is a ‘great gateway’ into a pen testing career, advises specialist in the field

OneNote Suricata Rules, (Sun, Feb 19th)

=> ↺ OneNote Suricata Rules, (Sun, Feb 19th)

Bash security tips: securing your scripts and preventing vulnerabilities

=> ↺ Bash security tips: securing your scripts and preventing vulnerabilities

As the use of Bash scripting becomes increasingly common, it's important to consider the security risks associated with these scripts. Bash scripts can be an easy target for attackers, who may attempt to exploit vulnerabilities in your code to gain access to your system or execute malicious commands. In this article, we will discuss some tips for securing your Bash scripts and preventing vulnerabilities.

Lehigh Valley Health Network reveals attack by BlackCat

=> ↺ Lehigh Valley Health Network reveals attack by BlackCat

The Lehigh Valley Health Network has been the target of a cyberattack from a suspected Russian ransomware group.

In a statement issued Monday morning, LVHN President and CEO Brian A. Nester said, “Lehigh Valley Health Network has been the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. As of today, the attack has not disrupted LVHN’s operations. Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”

Data Leak Hits Thousands of NHS Workers

=> ↺ Data Leak Hits Thousands of NHS Workers

An estimated 14,000 employees at a Liverpool NHS hospital trust have been informed that their data was leaked via email due to human error, according to reports.

A file containing sensitive payroll information was sent to hundreds of NHS managers and 24 external accounts, according to an apology letter to victims from trust chief executive, James Sumner, seen by the Liverpool Echo.

“The spreadsheet file included a hidden tab which contained staff personal information,” the letter read. “Whilst it was not visible to those receiving the email, it should not have been included in this spreadsheet. The information in this hidden tab included names, addresses, DOBs, NI numbers, gender, ethnicity, salary, it did not include bank account details.”

Each of the 24 external recipients have been notified and confirmed deletion of the file, Sumner reportedly added.

Fake Ethereum Denver website linked to notorious phishing wallet

=> ↺ Fake Ethereum Denver website linked to notorious phishing wallet

Hackers continue to create fake Web3-enabled websites to fleece unsuspecting victims’ browser-based wallets, with ETHDenver being the latest victim.

=> gemini.tuxmachines.org