-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jun 16, 2023
> Two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) could have led to unauthorized access to user sessions, data tampering, and service disruptions, cloud security firm Orca warns.
> U.S. officials say the Department of Energy is among a small number of federal agencies compromised in a Russian cyber-extortion gang's global hack of a file-transfer program popular with corporations and governments. They say the impact is not expected to be great. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that the hacking campaign was short, opportunistic and caught quickly. A senior CISA official said neither the U.S. military nor intelligence community was affected. Known victims to date include Louisiana's Office of Motor Vehicles and Oregon's Department of Transportation.
> The top U.S. cybersecurity agency said it did not have evidence that the group was acting in coordination with the Russian government.
> LockBit, which emerged in January 2020, was the most active ransomware variant in 2022 in terms of victims claimed on the group’s data leak site, U.S. cybersecurity officials said in a June 14 advisory. Known LockBit attacks accounted for 16% of state, local, tribal and tribunal government ransomware attacks reported in the U.S. in 2022, as well as roughly 20% of known government ransomware attacks in Australia, Canada and New Zealand, the advisory said. Since January 2020 the group is associated with approximately $91 million in ransoms paid in the U.S., the advisory said.
-- Response ended
-- Page fetched on Sat Jun 1 09:47:21 2024