Tux Machines
Posted by Roy Schestowitz on Feb 26, 2023
=> today's howtos | Stable kernels: Linux 6.2.1, Linux 6.1.14, Linux 5.15.96, Linux 5.10.170, Linux 5.4.233, Linux 4.19.274, and Linux 4.14.307
=> ↺ Here Are Some of the Most Hacked States in America
Every year, the FBI publishes a report on the state of cybercrime in the U.S., based on statistics collected from the previous year. The organization that does the collecting, the bureau’s Internet Crime Complaint Center, or IC3, compiles information on a state-by-state basis, detailing where hacking incidents…
=> ↺ report | ↺ Internet Crime Complaint Center
=> ↺ Vulnerability write-up - "Dangerous assumptions"
Last year, during a tangent for a project, Kevin and I found a series of vulnerabilities in (combinations of) several Node.js packages that led to critical issues for our client, and most likely other users as well. It was a lot of fun learning about all the ways that logic in Javascript code like this can break, mostly by abusing its dynamic typing and oddities like proto.
=> ↺ True Health New Mexico settles lawsuit over 2021 ransomware incident
True Health New Mexico has agreed to a class action settlement to resolve claims that the health insurance provider failed to protect patient data from an October 2021 data breach.
=> ↺ Stanford University discloses data breach affecting PhD applicants
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization.
"On January 24, 2023, Stanford was notified that a folder containing the 2022-23 application files for admission to Stanford's Department of Economics' Ph.D. program was available through the department's website because of a misconfiguration of the folder's settings," the university told affected individuals.
"We promptly investigated this matter, which revealed that the unrestricted access to
A Downtown Los Angeles man was charged today in a six-count federal grand jury indictment for allegedly defrauding female social media influencers, including by engaging in “SIM swapping” to hijack their Instagram accounts and obtain money from them and engage in sexually explicit video chats with him.
Amir Hossein Golshan, 24, is charged with two counts of wire fraud, one count of unauthorized access to a protected computer to obtain information, one count of accessing a computer to defraud and obtain value, one count of aggravated identity theft, and one count of threatening to damage a protected computer.
=> ↺ Jump crypto & Oasis successfully reclaim over $225 Million Stolen in Wormhole Hack
Jump Crypto, a provider of Web3 infrastructure and the decentralized finance (DeFi) platform Oasis.app has carried out a “counter exploit” on the Wormhole protocol hacker, recovering $225 million worth of digital assets and moving them to a secure wallet.
A flaw in the protocol’s token bridge allowed the Wormhole assault, which took place in February 2022, to siphon off roughly $321 million worth of Wrapped ETH (wETH).
Since then, the hacker has moved the stolen funds around using several Ethereum-based decentralized applications (dApps). Additionally, via Oasis, they just built up a Wrapped Staked ETH (wstETH) vault on January 23 and a Rocket Pool ETH (rETH) vault on February 11.
=> ↺ News Corp says state hackers were on its network for two years
Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020.
This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, while the threat actors had access to an email and document storage system used by several News Corp businesses.
=> ↺ Minneapolis Public Schools tap dances around telling parents and employees what really happened
Of course, a ransomware attack or malware attack is not a laughing matter but neither is an attempt to spin a data security incident. It is time for districts to cut the b.s. and just tell parents and employees the unvarnished truth.
=> gemini.tuxmachines.org This content has been proxied by September (3851b).Proxy Information
text/gemini;lang=en-GB