Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Feb 28, 2023

=> GTK, GNOME, and KDE | European Free Software Events: FOSDEM and foss-north (UPDATED)

Password managers: A rough guide to enterprise secret platforms

=> ↺ Password managers: A rough guide to enterprise secret platforms

The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more

Chromium bug allowed SameSite cookie bypass on Android devices

=> ↺ Chromium bug allowed SameSite cookie bypass on Android devices

Protections against cross-site request forgery could be bypassed

News Corp reveals hackers had access to internal network for two years

=> ↺ News Corp reveals hackers had access to internal network for two years

Media conglomerate News Corp has disclosed that attackers behind a data breach revealed in February 2022 had access to parts of its internal systems for two years. The initial attack was first detected in January last year, affecting News Corp. publications and business units, including The Wall Street Journal and its parent company Dow Jones...

LockBit 3.0 remains the most active threat actor as ransomware attacks drop in January [Ed: Microsoft Windows TCO]

=> ↺ LockBit 3.0 remains the most active threat actor as ransomware attacks drop in January

In a surprising finding, a new report from NCC Group plc finds that the number of ransomware attacks dropped in January from December, but the number of attacks was still the highest for January in three years.

‘A year of cyberwar’ with Russia: An inside look from a top Ukrainian cybersecurity official [Ed: Reliance on Windows has done them a lot of harm and the "solution" was outsourcing to Microsoft, which worsens things and helps Microsoft grab taxpayers' money]

=> ↺ ‘A year of cyberwar’ with Russia: An inside look from a top Ukrainian cybersecurity official

Victor Zhora has been at the forefront of coordinating Ukraine's cyberdefense and describes lessons learned from fending off Russian attacks.

CISA director urges tech sector to stop shipping unsafe products

=> ↺ CISA director urges tech sector to stop shipping unsafe products

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the cybersecurity burden should no longer be placed on consumers.

553 days from discovery to notification? DataBreaches asked Dental Health Management Solutions why.

=> ↺ 553 days from discovery to notification? DataBreaches asked Dental Health Management Solutions why.

Why did it take 553 days from discovery to notify patients? Is the delay acceptable? Applying the standards for HIPAA-covered entities, and having reported on many breaches by now, DataBreaches believes a delay that long is not acceptable unless there are factors we do not know about in play. DataBreaches sent inquiries to both DHMS and their external counsel at Wilson Elser to ask for an explanation for the serious delay. No replies have been received.

There is currently no notice on HHS’s breach site (but they often have a delay in posting), and there is nothing on the Texas Attorney General’s breach site. Nor is there any notice on DHMS’s website.

How Offensive Action is Countering Ransomware [Ed: So does deleting Windows, and that's a lot cheaper.]

=> ↺ How Offensive Action is Countering Ransomware

Ransomware attacks have crossed a red line for many countries with continued merciless attacks. The threat to national economies and critical infrastructure marked a turning point. Governments are fighting back, and one of the strategies now routinely employed is infiltrating the servers and infrastructure of ransomware gangs. A recent offensive action against a top ransomware gang shows it can be a powerful tool both to rattle ransomware groups and provide real-time help to victims.

The latest occurred last month. Top U.S. prosecutors revealed Jan. 26, 2023, a law enforcement operation involving 13 countries that infiltrated the Hive ransomware group’s infrastructure starting in July 2022. As a top U.S. law enforcement official characterized it: “Simply put, using lawful means, we hacked the hackers.” Hive was one of the most prolific ransomware-as-a-service (RaaS) groups, with affiliates using its ransomware to execute attacks and extort more than 1,500 victims. For seven months, investigators had “clandestine, persistent” access to Hive’s control panel and database. That enabled investigators to swipe decryption keys without Hive’s knowledge and distribute those keys to 336 victims actively under attack. More than 1,000 decryption keys were provided to previous Hive victims, and authorities estimated the action meant US $130 million was not paid to the gang. What does this mean for the Hive gang, and what influence will this action have with respect to the broader ransomware environment?

Danish hospitals hit by cyberattack from ‘Anonymous Sudan’

=> ↺ Danish hospitals hit by cyberattack from ‘Anonymous Sudan’

The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan.

Copenhagen’s health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back online after “a couple of hours.”

Thousands of Asian Texans targeted in driver’s license breach

=> ↺ Thousands of Asian Texans targeted in driver’s license breach

The state shipped thousands of Texas driver’s licenses to an international organized crime group in a security lapse that is still under investigation, Department of Public Safety Chief Steve McCraw said Monday.

=> gemini.tuxmachines.org