Tux Machines
Posted by Roy Schestowitz on Apr 21, 2023
=> ↺ Security updates for Friday [LWN.net]
Security updates have been issued by Debian (golang-1.11 and libxml2), Fedora (chromium, dr_libs, frr, ruby, and runc), Oracle (java-11-openjdk and java-17-openjdk), Red Hat (emacs, httpd and mod_http2, kpatch-patch, and webkit2gtk3), SUSE (libmicrohttpd, nodejs16, ovmf, and wireshark), and Ubuntu (kauth and patchelf).
=> ↺ Capita customer data was stolen in March ransomware attack
Public sector outsourcer Capita has confirmed that some confidential data was stolen from a small proportion of its server estate affected by a Black Basta ransomware attack in March 2023.
The incident caused major IT outages and significant impact to customer-facing services at many public sector bodies and some operators of critical national infrastructure (CNI) across the UK, with staff left unable to take calls from members of the public and others falling back on traditional pen and paper.
=> ↺ Restaurants hit by IT problems after BlackCat attack on supplier NCR
Ransomware attack on systems of payments giant causing service outages for restaurants around the world
=> ↺ The Python Software Foundation on European cybersecurity
This is ten days old, but hopefully better late than never: the Python Software Foundation has put out an article describing how the proposed European "cyber resilience act" threatens the free-software community.
=> ↺ "Trusted publishers" on the Python Package Index
The Python Package Index (PyPI) has, like many language-specific repositories, had ongoing problems with malicious uploads. PyPI is now launching an authentication mechanism called trusted publishers in an attempt to fight this problem.
=> ↺ Introducing 'Trusted Publishers'
Starting today, PyPI package maintainers can adopt a new, more secure publishing method that does not require long-lived passwords or API tokens to be shared with external systems.
=> ↺ D.C. Health Exchange Needs Broker Identity Theft Posse
The builders of the Affordable Care Act health insurance exchange system once wondered whether agents and brokers would have a role in the health insurance market.
Now, the managers of the ACA public exchange for the District of Columbia are turning to brokers to help persuade more users to protect themselves against the effects of a recent data breach.
The breach, which was discovered March 6 and announced March 8, exposed the personal information of about 56,415 exchange users, including 17 members of Congress. Data thieves posted at least two batches of data, including the Social Security numbers and email addresses of at least some users, on identity information markets.
=> ↺ Illuminate Education Beats Lawsuit Over Breach of Student Data
Illuminate Education Inc. defeated a proposed class action alleging it negligently failed to protect the information of more than 3 million elementary and high school students that was exposed in a late-December 2021 data breach.
The plaintiffs failed to show that they had suffered concrete harm from the breach or were at immediate risk of future harm, a threshold requirement for standing to sue under Article III, Judge James V. Selna of the US District Court for the Central District of California said Wednesday. He dismissed the suit without prejudice.
=> ↺ The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far.
Much of what we know about which medical entities have been affected by Clop’s attack comes from Clop itself. The threat actors started listing Fortra clients and samples of stolen data on their leak site to pressure Fortra clients to pay them to delete data and not leak more. DataBreaches noted about a dozen North American entities that either definitely had or likely had protected health information acquired by Clop. In this post, we will note those Fortra clients that have already issued notifications or disclosures concerning protected health information. In a second post, we will note entities that have not issued any public disclosures about the incident.
=> ↺ Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records
Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients' records.
Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills.
In the letter, hospital chief privacy officer Erin Keogh says a clinician “mistakenly” thought they could access health records of patients not under their care for the purposes of their own clinical education.