Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jun 23, 2023

Reddit Chaos Continues as Hackers Demand $4.5M Ransom, Communities Still Dark

=> ↺ Reddit Chaos Continues as Hackers Demand $4.5M Ransom, Communities Still Dark

As the Reddit blackout chaos continues, a hacker group has claimed responsibility for the February 2023 hack. The BlackCat ransomware group says they were behind the attack, stealing 80GB of data from the company. Now the group is asking for $4.5 million dollars and a rollback of the planned API changes.

Secure Your Business and Gain Customer Trust with SSL Certificate Management

=> ↺ Secure Your Business and Gain Customer Trust with SSL Certificate Management

Data breaches and cyber threats are rising, so safeguarding sensitive information and customer trust is vital for businesses.

Holidaymakers warned about the dangers posed by ATM scammers

=> ↺ Holidaymakers warned about the dangers posed by ATM scammers

Follow these tips to stay safe when withdrawing cash abroad

Chinese malware accidentally infects networked storage • The Register

=> ↺ Chinese malware accidentally infects networked storage • The Register

Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint.
The software nasty comes from a group called Camaro Dragon that Checkpoint's researchers on Thursday suggested conduct campaigns similar to those run by China's Mustang Panda and LuminousMoth attack gangs.
Checkpoint regards Camaro Dragon as most interested in Asian targets – its code includes features designed to hide it from SmadAV, an antivirus solution popular in the region.

Word Document with an Online Attached Template, (Fri, Jun 23rd)

=> ↺ Word Document with an Online Attached Template, (Fri, Jun 23rd)

It has been a while since I spotted this kind of document. Yesterday, I found a Word document (SHA256:5070e8a3fdaf3027170ade066eaf7f8e384c1cd25ce58af9155627975f97d156)

Linux servers are being infected with a dangerous new malware [Ed: The problem here is truly awful passwords, not Linux at all]

=> ↺ Linux servers are being infected with a dangerous new malware | ↺ The problem here is truly awful passwords, not Linux at all

Cybersecurity firm AhnLab’s Security Emergency response Center (ASEC) has uncovered an attack against “inadequately managed” Linux SSH servers whereby malware is being installed and spread.
Most notable has been the installation of a Tsunami DDoS Bot, but ShellBot, XMRig CoinMiner, and Log Cleaner malware have also all been spotted.
Because Tsunami’s source code is publicly available, it has been used in numerous attacks against IoT devices and is often seen deployed alongside Mirai and Gafgyt, though Tsunami attacks on Linux servers are just as common.

Security updates for Thursday [LWN.net]

=> ↺ Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (avahi, hsqldb, hsqldb1.8.0, minidlna, trafficserver, and xmltooling), Oracle (.NET 6.0, .NET 7.0, 18, c-ares, firefox, kernel, less, libtiff, libvirt, python, python3.11, texlive, and thunderbird), Red Hat (c-ares, kernel, kernel-rt, kpatch-patch, less, libtiff, libvirt, openssl, and postgresql), Slackware (bind and kernel), SUSE (bluez, curl, geoipupdate, kernel, netty, netty-tcnative, ntp, open-vm-tools, php8, python-reportlab, rustup, Salt, salt, terraform-provider-aws, terraform-provider-null, and webkit2gtk3), and Ubuntu (bind9, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-oracle, and linux-ibm).

Two apprehended in CoWin portal data leak case

=> ↺ Two apprehended in CoWin portal data leak case

In a major breakthrough, the Delhi Police Special Cell has apprehended a man and a juvenile from Bihar in connection with the alleged data leak from the CoWin portal, the Centre’s official platform for Covid-19 vaccination registration and certification.
According to police sources, the adult man, whose identity has been withheld pending further investigation, is suspected of being involved in the unauthorised sharing of sensitive vaccination data on the encrypted messaging app, Telegram.
The sources have revealed that the man, believed to be in his late twenties, allegedly gained access to the portal.

Stephen F. Austin State University students grow anxious about falling behind as school reels from cyberattack last week

=> ↺ Stephen F. Austin State University students grow anxious about falling behind as school reels from cyberattack last week

More than a week after Stephen F. Austin State University was hit with a cyberattack, leaders at the public university in the East Texas Pineywoods are still working to fully restore email and other online services for the 11,600-student campus.
University spokesperson Graham Garner confirmed Tuesday that the Federal Bureau of Investigation is looking into the incident, which occurred about 10 days ago, but did not provide any additional details. In a statement, a spokesperson for the FBI Dallas field office confirmed the investigation but declined to provide more information about the investigation.
While the university has restored access to the internet and the university’s online teaching portal, students and faculty say the hack has caused serious disruptions, especially for students taking summer courses.

Confused about the drama with the new BreachForums? Reading this will either help you or make your head spin.

=> ↺ Confused about the drama with the new BreachForums? Reading this will either help you or make your head spin.

Over the past week, DataBreaches has been contacted by a few journalists who have been somewhat understandably confused about the situation with the original BreachForums and a new forum calling itself BreachForums. And from reading news reports this week, I see that some journalists are making errors, so this post is as much for those wishing to report on BreachForums as much as to provide an update as to what has evolved into a bit of a soap opera.

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

=> ↺ SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn't be shipped unless the customer paid an added delivery fee.

Law enforcement seizes domains owned by “Pompompurin” and one currently owned by DataBreaches

=> ↺ Law enforcement seizes domains owned by “Pompompurin” and one currently owned by DataBreaches

When the owner of Breached.vc was arrested in March, people expected to see Conor Fitzpatrick’s BreachForums site seized by authorities. Somewhat surprisingly, it wasn’t, and Baphomet, the forum’s administrator, was able to post messages on the site explaining what was going on and that he was taking the site down for fear it had been compromised. For months, the site was empty except for a warning posted by Baphomet not to trust any site claiming to be them. But when a new forum also called BreachForums opened, more warnings appeared on breached.vc. But who was posting them? Was it law enforcement or someone who still had access to the domain?
[...]
DataBreaches does not know when the warrant for seizure was first written or authorized, but in any event, not all domains seized today were related to BreachForums and DataBreaches hopes the government recognizes the over-reach and corrects it. Tomorrow, DataBreaches will contact the USAO or court and ask about trying to get breaches.net un-seized. DataBreaches makes no predictions as to how this will go.
[...]
Why the government decided to seize the domains now has not been revealed by the government. There has been no press release today by the U.S. Attorney for the Eastern District of Virginia, DOJ Main, or the FBI. Perhaps they will issue one tomorrow that explains why they delayed for three months and first seized domains now.

Google announces $20 million investment for cyber clinics [Ed: Google also puts back doors in things, so don't be misled. Google is a Gulag and a lab of NSA et al.]

=> ↺ Google announces $20 million investment for cyber clinics

The announcement dovetails with growing interest in Congress to invest in the next generation of the cyber workforce.
