Tux Machines
Posted by Roy Schestowitz on Jul 02, 2023
In my last Diary, we looked at internet-connected web servers that still support SSL version 2.0.
=> ↺ Newbie Akira Ransomware Builds Momentum With Linux Shift
The fledgling Akira ransomware group is building momentum and expanding its target base, following other cybercriminal groups by adding capabilities to exploit Linux systems as part of a growing sophistication in its activity, researchers have found.
The gang, which emerged as a cybercriminal force to be reckoned with in April of this year, is primarily known for attacking Windows systems, and maintains a unique data-leak site designed as an interactive command prompt using jQuery.
However, the group — named for a 1988 Japanese anime cult classic featuring a psychopathic biker — is now shifting its tactics to target Linux, with a new version of its ransomware that can exploit systems running the open source OS, researchers from Cyble Research and Intelligence Labs (CRIL) revealed in a blog post published June 29.
=> ↺ Mission Linux: How the open source software is now a lucrative target for hackers
=> ↺ TSMC confirms data breach after LockBit cyberattack on third-party supplier
Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed it’s experienced a data breach after being listed as a victim by the LockBit ransomware gang.
The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site on Thursday. The gang is threatening to publish data stolen from the company, which commands 60% of the global foundry market, unless the company pays a $70 million ransom demand.
Thirteen people, including a 16-year-old youth, were arrested for their suspected involvement in the recent spate of banking-related malware scam cases.
Preliminary investigations showed that 10 of the 13 suspects, aged between 16 and 27, had allegedly facilitated the scam cases by sharing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains.
=> ↺ Mount Desert Island Hospital notifies 24,180 patients of April network attack
On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there had been unauthorized access between April 28 and May 7, 2023.
=> ↺ Breach Victims Have Standing When Data Misused, 1st Circuit Says
A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said.
Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the home-delivery pharmacy was used to file a fraudulent tax return, Judge Sandra L. Lynch of the US Court of Appeals for the First Circuit said Friday.
=> ↺ BlackCat continues attempting to extort healthcare entities
BlackCat (aka AlphV) claims to have acquired 575 GB of data from Coachella Valley Collection Service, a service that provides debt collection services, including “medical, retail, commercial, judgment, and check debt collection.” The data allegedly includes employee personal information, internal company documents, clients’ documents with Social Security numbers, loan data and more, and a complete network map including login credentials for local and remote services.
=> ↺ In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
Check Point provides an in-depth analysis of malware attributed to China-based espionage group Camaro Dragon that infected a European healthcare institution after an employee participated in a conference in Asia. The malware self-propagates through USB drives and landed on the healthcare organization’s systems after the employee’s drive was accidentally infected during the conference.
=> ↺ Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives
The malware gained access to the healthcare institution systems through an infected USB drive. During the investigation, the Check Point Research (CPR) team discovered newer versions of the malware with similar capabilities to self-propagate through USB drives. In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.
The main payload variant, called WispRider, has undergone significant revisions. In addition to backdoor capabilities and the ability to propagate through USB using the HopperTick launcher, the payload includes additional features, such as a bypass for SmadAV, an anti-virus solution popular in Southeast Asia. The malware also performs DLL side-loading using components of security software, such as G-DATA Total Security, and of two major gaming companies (Electronic Arts and Riot Games). Check Point Research responsibly notified these companies of the above-mentioned use of their software by the attackers.
=> ↺ Dallas reports 90% recovery from ransomware attack
The update came five weeks into Dallas’ ransomware ordeal, which initially spread across the city, including to its police and fire departments, which went without their computer-aided dispatch system, forcing 911 operators to manually transcribe and relay requests for aid.
The CAD system was brought back online in mid-May, officials said. Several other systems have returned since then, including a service to schedule appointments with the city animal shelter. And a major milestone occurred last week, when Dallas municipal courts reopened after nearly a month, with an upgrade to its case-processing system.
=> ↺ Dallas releases technology accountability report following ransomware attack
The ransomware attack happened on May 3. According to the report released Friday, Dallas' IT team took additional measures as an immediate response to disconnect systems, services, and devices from the city's network to contain and prevent further spread of malicious software. The report also states the city organized and mobilized a broader incident support team to help in the management of the recovery activities.
The city is still working to get back online, but in the latest update, systems are reported to be more than 90% restored.