Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Apr 18, 2023

=> today's howtos | LibreArts Weekly Recap and Chat With Mastodon CEO

Security updates for Monday [LWN.net]

=> ↺ Security updates for Monday [LWN.net]

Security updates have been issued by Debian (chromium, rails, and ruby-rack), Fedora (firefox, ghostscript, libldb, samba, and tigervnc), Mageia (ceph, davmail, firefox, golang, jpegoptim, libheif, python-certifi, python-flask-restx, thunderbird, and tomcat), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (apache2-mod_auth_openidc, aws-nitro-enclaves-cli, container-suseconnect, firefox, golang-github-prometheus-prometheus, harfbuzz, java-1_8_0-ibm, kernel, liblouis, php7, tftpboot-installation images, tomcat, and wayland), and Ubuntu (chromium-browser, imagemagick, kamailio, and libreoffice).

Ongoing issues at Cornwall Community Hospital from “Cyber Incident”

=> ↺ Ongoing issues at Cornwall Community Hospital from “Cyber Incident”

On April 11, Cornwall Community Hospital (CCH) in Ottawa reported some “network Issues” and for patients to expect some delays as they worked to restore systems. The hospital’s EHR system was not affected by the attack.

Read The Manual Locker: A Private RaaS Provider [Ed: Microsoft Windows TCO]

=> ↺ Read The Manual Locker: A Private RaaS Provider

Another day, another ransomware-as-a-service (RaaS) provider, or so it seems. We’ve observed the “Read The Manual” (RTM) Locker gang, previously known for their e-crime activities, targeting corporate environments with their ransomware, and forcing their affiliates to follow a strict ruleset. Is this yet another ransomware gang, or is there more to this gang and their locker than meets the eye? This blog investigates the actor, along with a technical deep dive into their Windows ransomware executable.

Investigation underway into cyber attack affecting charities for sexual assault survivors

=> ↺ Investigation underway into cyber attack affecting charities for sexual assault survivors

AN INVESTIGATION IS underway into a ransomware attack on a data management company in Northern Ireland that holds data for charities and non-profits, including several organisations working with sexual assault survivors.

The PSNI has confirmed that it received a report of a cyber incident on 30 March and referred the case to specialist detectives in its Cyber Crime Investigation Team, where enquiries are still ongoing.

The company, Evide, manages data for its clients, who are charged between £720 and £1,200 a year for its services, according to the company’s website.

The Data Protection Commission and National Cyber Security Centre have been notified of the breach.

LockBit ransomware gang appears to be targeting Macs for the first time

=> ↺ LockBit ransomware gang appears to be targeting Macs for the first time

Over the last several years, LockBit has become one of the most powerful ransomware gangs. While it has focused on Windows, Linux, and virtual host machines, it looks like the group has developed its first ransomware for Macs.

Discovered by MalwareHunterTeam (via Brett Callow), what seems to be the first ransomware build designed for macOS has surfaced on the web. While it’s not fully clear, it may also be the first time a major ransomware gang is targeting Apple devices.

Two more school districts hit by ransomware: Pineland Schools, Uniondale Union Free School District

=> ↺ Two more school districts hit by ransomware: Pineland Schools, Uniondale Union Free School District

Pineland Schools in Vineland, New Jersey, was added to LockBit’s site with some files as proof of claim.

=> gemini.tuxmachines.org