Tux Machines
Posted by Roy Schestowitz on Aug 12, 2023
=> ↺ Security updates for Friday [LWN.net]
Security updates have been issued by Debian (intel-microcode, kernel, and php-dompdf), Fedora (linux-firmware, OpenImageIO, and php), Oracle (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), SUSE (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and Ubuntu (dotnet6, dotnet7, php-dompdf, and velocity-tools).
=> ↺ CISA: Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report
Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. It penetrated corporate networks, stole source code, demanded payments while rarely following up, lodged political messages in shadowy online forums, and swiftly moved on to its next targets. The cyberattacks were not the work of a nation-state actor, nor did they always involve particularly complex or advanced tooling or methods. Yet the attacks were consistently effective against some of the most well-resourced and well-defended companies in the world. These headline-grabbing incidents were perpetrated by a loosely organized threat actor group known as Lapsus$. Lapsus$ exploited systemic ecosystem weaknesses to infiltrate and extort organizations, sometimes appearing to do so for nothing more than attention and public notoriety.
=> ↺ HHS HC3: Multi-Factor Authentication & Smishing
HHS Health Center Cybersecurity Center (HC3) has published a new informational handout and guidance on multi-factor authentication (MFA) and smishing. It includes statistics and suggestions for dealing with common obstacles to implementation.
=> ↺ Nearly 1.5 million affected by data breach at Alberta Dental Service Corporation
A significant data breach has compromised the personal information of about 1.47 million Albertans, the Alberta Dental Service Corporation said Thursday.
In a statement, ADSC said certain data from public dental benefits programs it administers for the provincial government was implicated in a recent cybersecurity breach.
ADSC learned it was the victim of a ransomware attack and called in cybersecurity experts to assist with containment, remediation, and to conduct a comprehensive forensic investigation into the nature and extent of the incident.
=> ↺ CT: New Haven Board of Education victim of $6 million cyber theft
The city of New Haven suffered a $6 million theft in a cyber attack earlier this year, it was announced Thursday. To date, law enforcement officials have recovered over half the money.
Officials said the cyber attack targeted the Board of Education’s Chief Executive Officer and Chief Operating Officer in what was described as a “business email compromise.” Thieves got access to the CEO’s email in late May. In June, they made six successful and one failed attempts to steal money by watching conversations and inserting themselves in the discussion to steal money.
=> ↺ Notorious phishing platform shut down, arrests in international police operation
A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL, with Indonesian authorities arresting its operator and one of its facilitators, with another arrested in Japan.
The three arrests, which concluded with actions against a suspect last month, were made possible due to the intensive intelligence-sharing between the INTERPOL General Secretariat’s cybercrime directorate, national law enforcement in Indonesia, Japan and the United States and private sector partners including Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42 and Trend Micro, with added support from Cybertoolbelt.
The PaaS platform sold ‘phishing kits’ to hackers seeking to defraud Internet users through email scams where victims typically receive an email with a pdf file or link that redirects to a site requesting the victims’ credit card or other personally identifiable information. This information is then stolen and used to extract money from the victims.
Phishing is considered the most prevalent cyber threat in the world, and it is estimated that up to 90 per cent of data breaches are linked to successful phishing attacks, making it a major source of stolen credentials and information.