Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Sep 08, 2023




How Chinese hackers got their hands on Microsoft’s token signing key - Help Net Security


> The mystery of how Chinese hackers managed to steal a crucial Microsoft signing key has been explained.



AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses


> A security researcher has published exploit code for AtlasVPN for Linux, which could enable anybody to disconnect a user and reveal their IP address simply by luring them to a website.


> AtlasVPN is a "freemium" virtual private network (VPN) service owned by NordVPN. Despite being just 4 years old, according to its website, it's used by more than 6 million people worldwide.


> On Sept. 1, after receiving no response from the vendor, an unidentified researcher (referred to by their Full Disclosure mailing list username, "icudar") posted exploit code for AtlasVPN Linux to the Full Disclosure mailing list and Reddit. By simply copying and pasting this code to their own site, any odd hacker could disconnect any AtlasVPN user from their private network, and reveal their IP address in the process.


> "Since the entire purpose of the VPN is to mask this information, this is a pretty significant problem for users," says Shawn Surber, senior director of technical account management at Tanium.



Security updates for Thursday [LWN.net]


> Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).



Ubuntu to add TPM-backed full-disk encryption


> The Ubuntu blog has a detailed article on plans to add full-disk encryption, with the key stored in the system's trusted platform module (TPM), to the desktop distribution.



FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy


> The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent.



Beverly Hills Plastic Surgery notification — and what it doesn’t tell the patients.


> On July 17, DataBreaches reported that BlackCat had added the Beverly Hills Plastic Surgery (BHPS) to their dark web leak site. The June listing was updated to include photos that appeared to be proof of claims about their access to the clinic’s files.



Defence Housing Australia investigates third-party data breach - Cyber Security Connect


> An investigation by Defence Housing Australia (DHA) is currently underway after it was notified that one of its third-party service providers had been hit by a cyber attack.


> The organisation, which provides housing and accommodation for military personnel and their families on and off base, has stressed that while there has been no impact or breach of DHA or Defence ICT systems, an investigation to determine if any data belonging to Defence Force members and their families had been compromised has been launched.


> “DHA has notified the Australian Cyber Security Centre, the Department of Home Affairs’ cyber security response unit, and the Office of the Australian Information Commissioner,” the DHA said in a notice released on its site.


> “Defence personnel affected by this incident will be advised as soon as practicable.”


> The Department of Veterans’ Affairs (DVA) also issued a notice regarding the breach; however, it said that its systems remain secure.



Minneapolis school district says data breach affected more than 100,000 people


> Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyberattack early this year.


> The school system started sending letters late last week, according to local media reports, and on Tuesday a notice posted on Maine’s data breach notification site said that 105,617 people were affected.



Ragnar_Locker leaks data from Israeli Medical Center


> Mayanei Hayeshua Medical Center in Bnei Brak was hit by a cyberattack on August 7. Patient care was not disrupted for some things, but the ministry instructed that the center’s outpatient clinics and imaging centers not accept patients and that the public not go to its emergency room until further notice. A week later, the hospital disclosed it had received a ransom demand. It was pretty much an open secret that the attackers were the Ragnar_Locker group, but the hospital never named them.



Ukraine’s CERT Thwarts APT28’s Cyberattack on Critical Energy Infrastructure [Ed: Microsoft Windows TCO, causing more deaths in Ukraine.]


> The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country.


> The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain.


> “Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file ‘weblinks.cmd’ to the victim’s computer,” CERT-UA said, attributing it to the Russian threat actor known as APT28 (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE).



Coffee Meets Bagel Meets Hacker?


> This is not the first cyberattack CMB has experienced. In February 2019, DataBreaches reported that user data from 6.1 million users was up for sale on DreamMarket by gnosticplayers.



3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums



Do IT Consultants victim of attack by Ragnar_Locker


> When DataBreaches started to look into this listing, we discovered that Do IT Consultants’ website is no longer online and the last time it was archived by archive.org was in early 2022.



United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang


> Today, the United States, in coordination with the United Kingdom, sanctioned eleven individuals who are part of the Russia-based Trickbot cybercrime group. Russia has long been a safe haven for cybercriminals, including the Trickbot group. Today’s action was taken by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). The U.S. Department of Justice (DOJ) is concurrently unsealing indictments against nine individuals in connection with the Trickbot malware and Conti ransomware schemes, including seven of the individuals designated today.



“i know it hurts your little dick seeing a true hacker like me in a crowd full of skids and sheep,” said a man with no knowledge of anatomy


> After the arrest of Breached.vc’s owner “Pompompurin” in March, Breached.vc was taken offline by an administrator because it seemed likely the server had been compromised by law enforcement. Months later, the domain was seized by law enforcement.



The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously


> The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on.


> “I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a way that actually reaches them, and I don’t think we’ve come up with a convincing story” about why cybersecurity matters, Jessica Wilkerson, a senior cyber policy adviser at the Food and Drug Administration, said Wednesday at the Billington Cyber Summit in Washington.



Bienville Orthopaedic Specialists notifies 243,000 patients of cyberattack


> On April 1, DataBreaches reached out to Bienville Orthopaedic Specialists (BOS) in Mississippi to ask about a claim by Abyss threat actors that they had compromised BOS. BOS never replied.


> But now, five months later, BOS submitted a breach notification to the Maine Attorney General’s Office. The notification indicates that 242,986 people were affected by a “data security event” that occurred between February 3 and March 5.



Insights From The IBM 2023 Cost of a Data Breach Report


> The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course, the Report as a whole is well worth the read, but if you don’t have the time to get through its 78 pages, this post may be helpful.



IBM: Janssen health database breached in cyber incident


> IBM announced Wednesday that an unauthorized party breached the patient healthcare database it manages for the Johnson & Johnson-owned Janssen CarePath platform. Many of the patients are or have been treated for serious diseases, such as cancer.


> The tech giant says it has begun to notify patients whose information may have been compromised in the breach, discovered on August 2nd.


> The IBM-run database is used by Janssen CarePath, a free patient support platform that offers savings on advanced prescription medicines and other patient resources.



