Tux Machines
Posted by Roy Schestowitz on Mar 12, 2023
=> ↺ Security updates for Friday [LWN.net]
Security updates have been issued by Debian (chromium and wireless-regdb), Fedora (caddy, python-cryptography, and redis), Oracle (gnutls), SUSE (hdf5, opera, python-Django, redis, tomcat, and xen), and Ubuntu (apache2 and snakeyaml).
=> ↺ Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack
Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers.
=> ↺ North Korean hackers used polished LinkedIn profiles to target security researchers
As part of the shift in tactics, the hackers have deployed a range of new tools and social engineering tactics to lure their victims.
=> ↺ Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying
Researchers discover a dozen serious vulnerabilities in Akuvox smart intercom, but the vendor has not released any patches.
=> ↺ Multi-Technology Script Leading to Browser Hijacking, (Fri, Mar 10th)
In the FOR610 class, we learn how to perform malware analysis. The training focuses on Windows PE files but in the real world, malware samples use multiple technologies to perform malicious actions. I spotted a VBScript file...
=> ↺ How OpenSSF Aims to Make Log4j-Like Incidents Rare | ↺ 'Linux' Foundation still bringing up "Log4j" (2021)
=> ↺ Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website
Authorities seized a domain distributing the NetWire RAT and arrested a Croatian individual who administered the website.
=> ↺ Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor
AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.
=> ↺ Serious Vulnerability Patched in Veeam Data Backup Solution
A serious vulnerability in Veeam Backup & Replication may allow attackers to obtain encrypted credentials from the configuration database.
=> ↺ Capitol Hill data breach more ‘extensive’ than previously known
A sweeping cybersecurity breach of congressional members’ private information was more extensive than previously known and affects not only House lawmakers and their staff but also Senate employees.
The Senate sergeant-at-arms alerted Senate staff about the breach Thursday in an email obtained by CNN.
The compromised data is “extensive,” and includes sensitive data such as Social Security numbers, home addresses and information on Senate employees’ health insurance plans, the sergeant-at-arms said in the email, which urged Senate staff to freeze their family credit to guard against fraud.
=> ↺ 3,400 death registry records accessed in Hawaii Department of Health data security breach
=> ↺ UNC data leak exposes more than 1,000 Social Security numbers
“Human error” played a role in the recent data leak at the University of North Carolina at Chapel Hill that has exposed more than 1,000 Social Security numbers.
UNC said 1,025 people had their personal information mailed incorrectly. The university mistakenly sent out IRS Form 1099s with names, addresses, Social Security numbers, or tax identification numbers to the wrong people.
"While 3,403 forms were printed correctly, only 2,214 envelopes were mailed. Upon further investigation, the University determined that due to human error and a processing issue, some of the 2,214 mailings included more than one IRS form," said Query.AI Chief Information Security Officer Neal Bridges.