The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring:”Case closed.”

In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet — or one dollar for each of the company’s impacted customers, which included Prime Minister Anthony Albanese.

Medibank refused to pay at the urging of the federal government, which at the height of the crisis considered making it illegal for hacked companies to hand over ransoms.

On Thursday morning the hackers said they had posted the last of the data online, deliberately coinciding with International Computer Security Day.

“Happy Cyber Security Day,” they wrote.

“Added folder full. Case closed.”

Google this week announced the release of Chrome 108 in the stable channel with patches for 28 vulnerabilities, including 22 reported by external researchers.

Of the externally reported security defects, eight are high-severity issues and 14 are medium-severity flaws.

The most severe of these bugs, based on the paid bug bounty reward, is CVE-2022-4174, a type confusion issue in the web browser’s V8 JavaScript engine.

Google credited security researcher Zhenghang Xiao for reporting the vulnerability and says it paid a $15,000 reward for it.

Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products.

The flaws were identified by researchers at CyberDanube, a new industrial cybersecurity company based in Austria, in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point.

Delta Electronics router vulnerability The researchers conducted their analysis on so-called digital twins, which involve virtualization techniques, rather than by looking at the actual devices.

In the 3G router, they discovered an authenticated command injection issue and a stored cross-site scripting (XSS) flaw. The command injection vulnerability can allow an attacker who has credentials for the web service to execute system commands on the OS with root privileges.

Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.

Available since 2019, Quarkus is an open source Kubernetes-native Java framework designed for GraalVM and HotSpot virtual machines.

Tracked as CVE-2022-4116 (CVSS score of 9.8), the security defect was identified in the Dev UI Config Editor and can be exploited via drive-by localhost attacks.

“Exploiting the vulnerability isn’t difficult and can be done by a malicious actor without any privileges,” Contrast Security researcher Joseph Beeton, who discovered the bug, explains.

Contrast discovers zero-day flaw in popular Quarkus Java framework
https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security