Tux Machines
Posted by Roy Schestowitz on Feb 23, 2023,
updated Feb 23, 2023
=> today's howtos | KDE Plasma 5.27.1 Improves Support for Wine Games in Plasma Wayland, Fixes Bugs
=> ↺ US Military Emails Exposed via Cloud Account
=> ↺ Hacker Breaches Activision Slack, Steals Call of Duty Info
Screenshots show how a hacker tricked an Activision worker into providing a two-factor authentication token.
=> ↺ Activision did not notify employees of data breach for months
On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data.
This data breach was not disclosed until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data, as well as the hackers’ messages on Activision’s internal Slack channel.
But the public weren’t the only ones caught off guard by news of the breach. Activision has yet to notify its own employees of the data breach, and whether their data was stolen, according to two current Activision employees who spoke on condition of anonymity, as they were not allowed to talk to the press.
=> ↺ Version 0.34.0 of Falco, an Open Source Runtime Security Tool was Recently Released
Falco, an open-source runtime security tool recently announced their latest release version 0.34.0. Highlights of the latest release include support for older RHEL distros, the ability to download and update Falco rules at runtime, and the experimental release of a modern eBPF probe.
=> ↺ VMware Plugs Critical Carbon Black App Control Flaw
VMware issues a critical fix for a vulnerability that allows hacker to gain full access to the underlying server operating system.
=> ↺ Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve
The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them.
=> ↺ A DNA Testing Company Forgot About 2.1 Million People’s Data. Then It Leaked.
A prominent DNA testing firm has settled a pair of lawsuits with the attorney generals of Pennsylvania and Ohio after a 2021 episode that saw�cybercriminals steal data on 2.1 million people, including the social security numbers of 45,000 customers from both states.
=> ↺ New ‘Stealc’ information-stealing malware grows in popularity on dark web
Cybersecurity researchers today detailed recently discovered information-stealing malware that is rapidly growing in popularity on dark web marketplaces.
=> ↺ CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
=> ↺ Known Exploited Vulnerabilities Catalog
=> ↺ Known Exploited Vulnerabilities Catalog | ↺ CVE-2022-47986 | ↺ CVE-2022-41223 | ↺ CVE-2022-40765
=> ↺ CISA Releases Two Industrial Control Systems Advisories
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
=> ↺ Mitsubishi Electric MELSOFT iQ AppPortal | ↺ Philips Vue PACS (Update C)
=> ↺ Watch out for scams posing as the Kanta Services and My Kanta Pages!
There are a lot of scam messages in circulation at the moment as criminals try to access Finnish personal data. The Kanta Services will never contact users by email or text message to ask for their information. The only way to log in securely to the My Kanta Pages is to go to www.kanta.fi
At present there is an unusual number of scam messages in circulation claiming to be from the Kanta Services and trying to access people’s personal data.
=> ↺ Singapore data centre says no data loss discovered after report on hackers obtaining logins
Data centre operator ST Telemedia Global Data Centres (STT GDC) has noticed no data loss or impact to its customer service portals following a hacking incident in 2021, it said on Tuesday (Feb 21).
Through unspecified means, the hackers made away with login credentials - email addresses and passwords - for customer-support websites for STT GDC and Chinese data centre operator GDS, reported Bloomberg, citing a report by cybersecurity research firm Resecurity.
Login credentials for more than 1,000 people at STT GDC were stolen, while GDS had information for more than 3,000 people, including its own employees and those of its customers, stolen, according to Bloomberg.
=> ↺ Ways and means committee demands investigation into 2021 taxpayer info leak
Nineteen months after the confidential tax filings of American citizens were leaked, the House Committee on Ways and Means is seeking answers.
In a letter to the Inspector General for Tax Administration, committee chairman Jason Smith (R-MO) relays his “expectations” regarding the “egregious and unprecedented” leak of this tax information, a duty which he affirms the IRS is tasked with keeping “confidential and secure.”
“U.S. Department of the Treasury Secretary Yellen stated at the time that this was a ‘very serious situation’ and that the issue was referred to the Treasury Inspector General for Tax Administration (TIGTA). She also indicated that she would keep Congress updated on the matter. Yet, nineteen months after the outrageous leak, Congress and, more importantly, the American people have no idea how this betrayal of taxpayer confidentiality happened or whether anyone has been held accountable,” Smith writes.
=> gemini.tuxmachines.org This content has been proxied by September (3851b).Proxy Information
text/gemini;lang=en-GB