
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on May 20, 2023





New Linux flaws included in CISA vulnerability catalog [Ed: These are very, very old; is the Microsoft-connected CISA misusing its perceived authority for FUD?]




> Seven actively abused Linux-related security flaws, most of which are years old, have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, according to SiliconAngle.



Security updates for Friday [LWN.net]




> Security updates have been issued by Fedora (cups-filters, kitty, mingw-LibRaw, nispor, rust-ybaas, and rust-yubibomb), Mageia (kernel-linus), Red Hat (jenkins and jenkins-2-plugins), SUSE (openvswitch and ucode-intel), and Ubuntu (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-oracle-5.15, linux-ibm, linux-oracle, and linux-oem-6.0).



Microsoft Azure VMs Hijacked in Cloud Cyberattack




> A threat actor known for targeting Microsoft cloud environments now is employing the serial console feature on Azure virtual machines (VMs) to hijack the VM to install third-party remote management software within clients’ cloud environments.


> Tracked as UNC3844 by researchers at Mandiant Intelligence, the threat group is leveraging this attack method to skirt traditional security detections employed within Azure with a living-off-the-land (LotL) attack ultimately aimed at stealing data that it can use for financial gain, Mandiant researchers revealed in a blog post this week.



KeePass exploit helps retrieve cleartext master password, fix coming soon




> The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even when the database is locked.


> The issue was discovered by a security researcher known as ‘vdohney,’ who published a proof-of-concept tool allowing attackers to extract the KeePass master password from memory as a proof-of-concept (PoC).



Attempted cyber attack responsible for 3-week Newport News library computer outage




> A failed cybersecurity attack is responsible for Newport News Public Library branch computers being out of operation the past three weeks.


> Public computers and printing, faxing and scan-to-email services have all been unavailable since April 25. Library patrons who tried to use public computers at library branches were greeted with signs taped over the screens that say “out of order.”



Phishing attack affects Texas patients; at least 130,000 impacted




> DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility.



Health Breach Notification Rule: FTC wants your insights into proposed changes




> The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the FTC is proposing changes to the Rule and welcomes your comments.


> The Health Breach Notification Rule applies to certain businesses that aren’t covered by HIPAA – specifically, vendors of personal health records (PHR), PHR related entities, and third party service providers. When there’s been an unauthorized acquisition of a person’s unsecured, personally identifiable health information, PHR vendors and PHR related entities must (among other things) notify the FTC, consumers and, in some cases, the media. If your company is a third party service provider to a PHR vendor or a PHR related entity, you have notice requirements under the Rule, too. (Read Complying with FTC’s Health Breach Notification Rule for details.)



Rackspace gets San Antonio federal judge to toss proposed class-action suit over ransomware attack




> Rackspace Technology Inc. won’t have to face proposed class-action litigation in San Antonio over a December ransomware attack that hobbled the cloud computing company.


> U.S. District Judge Xavier Rodriguez on Thursday sided with Rackspace in dismissing litigation that had been brought by 37 plaintiffs from across the U.S. who lost access to email and related data as a result of the attack. More than 30,000 customers were allegedly affected, the judge noted in his ruling.



