Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Mar 18, 2023,

updated Mar 18, 2023

=> How I got my first job in tech and helped others do the same | today's howtos

Latitude leaks customer data after employee login details stolen

=> ↺ Latitude leaks customer data after employee login details stolen

Financial services provider Latitude Financial has disclosed a breach that it says has led to the leak of personal IDs of more than 100,000 customers from one of its service providers.

Additionally, about 225,000 customer records were stolen from a second service provider, the company said in a statement to the ASX on Thursday.

US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

=> ↺ US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account.

SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

=> ↺ SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

SAP has released 19 new notes on March 2023 Security Patch Day, including five notes rated hot news.

FCC rules aims to curb scourge of robotexts assaulting Americans’ phones

=> ↺ FCC rules aims to curb scourge of robotexts assaulting Americans’ phones

The agency reports that scam text complaints rose 500% between 2015 to 2022, reflecting the increase in robotexts Americans receive annually.

Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers

=> ↺ Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers

Experts told Senators on Thursday that rural hospitals don't have the necessary resources to fend off an increasing number of cyberattacks.

Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing

=> ↺ Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing

The collapse of the U.S. tech industry's bank of choice has prompted a massive amount of fraud attempting to capitalize on its downfall.

The US cybersecurity strategy won’t address today’s threats with regulation alone

=> ↺ The US cybersecurity strategy won’t address today’s threats with regulation alone

The Biden administration needs to foster greater public-private collaboration, involve global partners and help build the cyber workforce to fight growing digital threats.

Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks [Ed: Misdirection. The issue is Microsoft, not those exploiting the holes.]

=> ↺ Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

Russia-linked APT29 was seen abusing the legitimate information exchange systems used by European countries in attacks aimed at governments.

Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script [Ed: Once again Microsoft leverages geopolitics to distract from its incompetence if not liability]

=> ↺ Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script

Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders.

Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

=> ↺ Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations.

=> gemini.tuxmachines.org