Tux Machines
Posted by Roy Schestowitz on Feb 11, 2023, updated Feb 11, 2023
> Single sign-on and request smuggling to the fore in another stellar year for web security research
> No response or patch yet forthcoming from providers of vulnerable document management systems
> The U.S. and the U.K. have sanctioned seven Russian nationals for their alleged involvement in running the infamous TrickBot botnet. TrickBot dates back to 2016 and has a network of more than 1 million machines. Initially used to target banking credentials with malware of the same name, TrickBot evolved several times over the years.
> CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
> No user data was exposed, Reddit says, but the company encourages people to strengthen security by implementing two-factor authentication.
> The City of Oakland has learned that it was recently subject to a ransomware attack that began on Wednesday night. The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted.
> The latest notable incident in December saw a Facebook user claim that personal information of nearly 13 million Malaysians had been leaked from Maybank, Astro and the Election Commission’s websites.
> The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to Internet access.
> A New Jersey public school district’s data breach in December exposed personal data of employees — but those affected were not notified until the end of January.
> The breach occurred in the Bridgewater-Raritan Regional School District between Dec. 10 and 12 and exposed the names and Social Security numbers of district employees and others who are in the district’s insurance plan, according to a media release obtained by MyCentralJersey.com.
> Modesto Police officers are temporarily ditching computers for radios, pen, and paper while patrolling the city.
> At the height of the pandemic, one of Minnesota’s largest school districts fell victim to cyber fraud and nearly lost half a million dollars in the process. The previously unreported crime targeted Minneapolis Public Schools in April 2020, when schools and administration offices were vacant due to COVID-19.
> Dallas County Chief Appraiser Ken Nolan told reporters that it was likely that the attack managed to infiltrate the organisation after an employee was tricked by a phishing email.
> The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for services for an unrelated patient.”