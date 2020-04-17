Security Leftovers
Why Online Voting Won't Work, Even in a Pandemic
But as Motherboard has reported extensively, voting machines and using the internet in any way to exercise our most democratic right could call into question the integrity of the results and leave systems vulnerable to manipulation. Or, as the Democratic party discovered during its Iowa caucuses this past January, the entire vote count is at the mercy of a terrible app.
On this week’s CYBER we have Motherboard reporter Lorenzo Franceschi-Bicchierai on to discuss why online voting isn't ready for prime time.
Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach
As part of a settlement approved in January, Equifax will have to set aside $380 million for payments to affected individuals, attorney fees of $80 million, and other costs. The states that filed a lawsuit against the company will receive a total of $175 million.
However, Massachusetts and Indiana are not included in that multistate settlement as they filed their own lawsuits against Equifax. The attorneys general of Massachusetts and Indiana announced last week that they have each reached a settlement with the company for $18.2 million and $19.5 million, respectively.
The Equifax breach impacted roughly 3.9 million residents of Indiana and nearly 3 million people in Massachusetts.
Detroit hospital network says data breach affected more than 100,000 patient accounts [iophk: Windows TCO]
The attack against the hospital network occurred months before U.S. facilities started responding to the COVID-19 pandemic.
Beaumont security breach puts personal information of 112,000 people at risk [iophk: Windows TCO]
Beaumont discovered in late March that employee email accounts had been accessed May 23-June 3, 2019 by a third party, potentially compromising such patient information as name, date of birth, diagnosis, diagnosis code, procedure, treatment location, treatment type, prescription information, Beaumont patient account number, and Beaumont medical record number.
IT Services Giant Cognizant Attacked by ‘Maze’ Ransomware [iophk: Windows TCO]
The company, which has about 300,000 employees, said it was hit by the “Maze” #ransomware group and is engaging law enforcement authorities.
Cognizant Hit by 'Maze' Ransomware Attack [iophk: Windows TCO]
According to cybersecurity firm McAfee, [attackers] who deploy Maze threaten to release information on the [Internet] if the targeted companies fail to pay.
"We are in ongoing communication with our clients and have provided them with indicators of compromise and other technical information of a defensive nature," Cognizant added.
It did not respond to a request from Reuters for further comments on the incident.
Cognizant hit by ‘Maze’ ransomware attack [iophk: Windows TCO]
“Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” Cognizant said in a statement. It added that its internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.
Cognizant hit by 'Maze' ransomware attack [iophk: Windows TCO]
New-Jersey headquartered IT services provider Cognizant on Saturday said that it had faced a ransomware attack on Saturday that has caused disruptions to its clients.
The company released a statement on Saturday on its official website. “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” it said.
The Maze ransomware was discovered in 2019 and has since gained notoriety.
COVID-19’s impact on Tor
We had to let go of 13 great people who helped make Tor available to millions of people around the world. We will move forward with a core team of 22 people, and remain dedicated to continuing our work on Tor Browser and the Tor software ecosystem.
Tor Project lets go of a third of staff due to COVID-19
The Tor Project, the non profit organization behind the Tor (The Onion Router) Browser, has let go of roughly a third of its staff due to the COVID-19 crisis. Tor is known as a private browser developed for use by dissidents in oppressive countries and others that need their internet use anonymized. Tech companies and organizations around the world have been affected by this pandemic, and it’s sobering to see the Tor Project have to let go of staff during this time period where Tor use is arguably ever more crucial.
Security updates for Tuesday
Security updates have been issued by Arch Linux (webkit2gtk), Debian (awl, git, and openssl), Red Hat (chromium-browser, git, http-parser, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, qemu-kvm-ma, rh-git218-git, and rh-maven35-jackson-databind), Scientific Linux (advancecomp, avahi, bash, bind, bluez, cups, curl, dovecot, doxygen, evolution, expat, file, firefox, gettext, git, GNOME, httpd, ImageMagick, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, kernel, lftp, libosinfo, libqb, libreoffice, libsndfile, libxml2, mailman, mariadb, mod_auth_mellon, mutt, nbdkit, net-snmp, okular, php, polkit, poppler and evince, python, python-twisted-web, python3, qemu-kvm, qt, rsyslog, samba, squid, taglib, telnet, texlive, thunderbird, unzip, wireshark, and zziplib), SUSE (apache2), and Ubuntu (git and python2.7, python3.4, python3.5, python3.6, python3.7).
Russian IT Security Updates
As part of the April „fix Tuesday“, Microsoft fixed 113 vulnerabilities in various products, including three zero-day vulnerabilities in Windows that were used in attacks to execute arbitrary code and increase privileges.
Two zero-day issues (CVE-2020-1020 and CVE-2020-0938) were contained in Adobe Type Manager Library and affected all supported versions of Windows, including Windows 7.
the Third vulnerability ( CVE-2020-1027 ) affected the Windows kernel and allowed the attacker to increase their privileges and execute code with kernel privileges.
