-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jun 17, 2023
> Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd).
> Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed rules in question address disclosure requirements regarding cybersecurity governance and cybersecurity incidents at publicly traded companies and registered investment advisers and funds.
> The Rural Hospital Cybersecurity Enhancement Act made it out of committee and will now head to the Senate floor.
> The bipartisan legislation sponsored by Republican Sen. Josh Hawley and Democratic Sens. Josh Ossof and Gary Peters would require the Cybersecurity and Infrastructure Agency to develop workforce recruitment and cybersecurity training materials for rural hospitals.
> A proposed settlement of $988,550 has been reached in a class-action lawsuit relating to patient health records being wrongfully accessed by former employees at the Peterborough Regional Health Centre more than a decade ago.
> On Thursday the hospital announced the proposed settlement, noting a court hearing is scheduled on Aug. 30 at 8:30 a.m. to determine whether the settlement will be approved.
> Under Oregon law, some driver information is actually a public record — like an Oregonian’s name, address, phone number, and driver’s record. And under Oregon law, the state can, and actually does, sell that information to certain types of entities. So could criminals set up a fake private investigation service to buy data from the state that could be used in conjunction with the data that has been hacked? Yes, and hopefully the states will be extra diligent about checking the credentials of any entities that apply to purchase public records data, but even without that data, this is a breach where data may be misused.
> The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.
> But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.
> Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.
> The Cybersecurity and Infrastructure Security Agency said it's working with "several federal agencies" affected by a flaw in the file transfer software.
> Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organisations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.
> Online attackers with clear links to China are behind a vast cyber espionage campaign targeting government agencies of interest to Beijing, Google subsidiary Mandiant said on Thursday.
-- Response ended
-- Page fetched on Fri Jun 14 07:51:51 2024