A warning for end-of-life Cisco routers, another wave of ransomware attacks on QNAP devices, and more.
Welcome to Cyber Security Today. It’s Monday, June 20. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
IT departments that keep outdated products are in danger. Hackers will quickly find and exploit unpatched devices to break into networks and steal data. So, when a manufacturer says a product is no longer supported, the product must be replaced. This comes to mind because Cisco Systems found another critical vulnerability in some of its end-of-life small business RV routers. These are the RV-100W, 130, 130W and 215W models. The flaws will not be fixed. There is no workaround. If you have these on your network, they must be replaced.
A new ransomware campaign going after vulnerable QNAP network-attached storage devices has been discovered. News site Bleeping Computer reports that ech0raix ransomware samples submitted by QNAP users to the ID Ransomware platform have increased recently, an indication of an increase in hacker activity. That platform is used to identify the strains of ransomware found on a system. It isn't known how the latest campaign is spreading, whether via email, text message or other tactics. But QNAP has warned those who monitor or use its devices to make sure the admin accounts have strong passwords, to enable IP Access Protection, to avoid using the default port numbers 443 and 8080, and to disable the Universal Plug and Play port forwarding feature.
A Quebec court approved a $200 million settlement for a privacy infringement class action lawsuit against the Desjardins Corporation of Montreal. It stems from an employee stealing the data of over 9 million current and former customers between 2017 and 2019. If you were affected as of June 2019, you may claim up to $90. If your identity was stolen after January 1, 2017, you can claim up to $1,000. The data was copied to a USB stick by an unnamed employee in the marketing department and then allegedly sold to a private lending company. It includes first and last name, date of birth, social insurance
A Russia-based botnet of 325,000 compromised devices behind attacks on millions of computers has been taken down by law enforcement agencies in the US, UK, Germany and the Netherlands. The botnet is called RSOCKS. Devices were often compromised through brute force attacks aimed at cracking poor passwords. RSOCKS allowed the sale of the IP addresses of hacked devices to crooks, who could use them to mask the source of malicious internet traffic. But with the consent of some of the owners of the compromised devices, government-controlled honeypots were installed on the networks. They were infected with RSOCKS. That helped investigators obtain intelligence, which eventually led to the dismantling of the botnet’s infrastructure.
Finally, industrial network administrators using Siemens’ SINEC network management system who have not yet upgraded the suite to the latest version should do so quickly. That’s because security researchers at Claroty have revealed the discovery of 15 vulnerabilities that can be used by attackers to break into networks. They also revealed a proof of concept on how it could be done. The SINEC system manages the internet-connected industrial networks that run pipelines and factories. Claroty discovered these vulnerabilities last year and notified Siemens. The researchers are only now publicly disclosing the details, after Siemens released the patch last October. For those who have not received the notification, we recommend running version 1.0 SP2 Update 1 or higher of SINEC.
That’s it for now. Remember, links to detailed information on the podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find my other stories.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to Flash Summary on your smart speaker.