Ransomware targeting small businesses, alerts for Digium Elastix and Netwrix Auditor admins, etc.
Welcome to Cybersecurity today. It’s Monday, July 18, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Thanks to Jim Love for filling it out when I took a break last week. It’s good to be back. So here are some of the latest news:
Small businesses often think – false – they are not the target of hackers. In fact, they are on the list of threat actors. And according to Microsoft, one of them is a group based in North Korea that is spreading ransomware. The group, which calls itself H0lyGh0st, has been compromising with small and medium-sized businesses in several countries since last September. Victims include banks and schools. Organizations of all sizes can protect against ransomware and all types of cyberattacks, using only up-to-date and patched software that forces all employees to use multi-authentication. element to log in, implement anti-virus or malware protection, and restrict access to sensitive data. only those who need it.
Attention IT communications managers: Organizations using Digium Elastix’s voice over IP PBX system are being targeted by threat actors. According to researchers at Palo Alto Networks, the attackers are trying to install a web shell on the system’s web server. The report did not detail how the systems were initially attacked. But your firewall and threat detection applications must be configured to protect against this intrusion.
Attention IT managers: A vulnerability in Netwrix Auditor, which is software that audits IT assets, could allow an attacker to compromise the system. That’s according to researchers at a company called Bishop Fox. The attack can eventually lead to a breach of the Active Directory domain. Administrators are required to update to version 10.5 of Netwrix Auditor.
Many mobile applications marketed with vulnerabilities, if a recent study conducted for mobile security company Approov is accurate. Half of the 302 security chiefs and mobile application developers in the US and UK said their organizations can submit apps with known vulnerabilities. Two-fifths of respondents said their organization’s security processes for internal and third-party developers were weak and inadequate. Additionally, 60% of respondents said that they do not have runtime threat visibility to mobile apps and APIs. Given the security risks, it’s a mystery why developers are flocking to mobile apps to market.
App developer Using open source packages on GitHub should look for and trust those that are actively maintained. Irrelevant software may be associated with malware. GitHub provides metadata called commits about the history of packages. But a report by researchers at Checkmarx warns that the timestamps on commits can be easily manipulated because they are not verified. Thus, a threat can post a package and make it look like it has been active for a long time. Not only that, the committer’s identity can be spoofed. The report urges developers to use GitHub’s Commit Signature Verification to sign their commits and help improve reliability in package data.
Final, LendingTree, an American online loan support platform, confirmed the personal information of 70,000 users left open on the internet in February. The platform told cybersecurity news service The Record that a code flaw resulted in the exposure of data including a customer’s name, date of birth, Social Security number and address. At the same time, LendingTree denied claims that the loan application data of 200,000 people sold on the dark web came from its platform.
Remember the links to detailed information on the podcast stories are in the text version at ITWorldCanada.com.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to Flash Summary on your smart speaker.