Latest news on Windows patches, alerts for health IT admins, Mitel VoIP vulnerabilities being exploited and more.
Welcome to Cybersecurity today. Today is Wednesday, September 14, 2022. I’m Howard Solomon, a contributing cybersecurity reporter for ITWorldCanada.com.
Yesterday was patch Tuesday, the date Microsoft and Adobe release security updates for Windows and other products. IT admins should be aware that a patch fixes the proliferation of a privilege vulnerability that could be attacked by an attacker who already has access to the server. Vulnerability would allow them to obtain System privileges. Trend Micro’s Zero Day initiative says that of the 64 newly patched vulnerabilities, 5 are rated critical and 57 are rated critical.
Your PC will be set to receive updates automatically, but you don’t need to check by going to the Windows Update section of your PC.
IT Security Leaders are increasingly cutting down on the number of suppliers they buy from. According to Gartner, three-quarters of organizations surveyed recently said they have a security vendor consolidation strategy. Fifty-seven percent of respondents said their organization is working with less than 10 vendors for their security needs. Why Consolidate Suppliers? Because security leaders are unhappy with operational inefficiencies and lack of product integration, Gartner said.
Never happend Internet-connected medical devices running on outdated software are increasingly being exploited by threat actors. That’s according to the FBI. This week, it warned that patient safety and the security of personal health data were at risk. Frequent challenges include securely configuring medical devices, devices that lack security features, and devices with custom software that require special patching processes. Devices at risk include insulin pumps, defibrillators, pacemakers, and pumps that deliver pain medication. A recent research report conducted by a cybersecurity company found that 53% of connected medical devices and other Internet of Things (IoT) devices in hospitals have critical vulnerabilities. known, the report pointed out. The FBI urges medical IT administrators to protect connected devices with anti-virus software where possible, encrypt medical device data, and ensure devices can only be accessed through through complex passwords. If a device is disconnected from the IT network for service, integrity must be verified before being reconnected.
A hole in Mitel’s MiVoice VoIP equipment used by businesses is being exploited by a group of ransomware. Researchers at Arctic Wolf say a threat actor recently deployed Lorenz ransomware on a victim after leveraging Microsoft’s BitLocker Drive Encryption to obfuscate the organization’s data. The report warns that monitoring only critical assets is not enough to protect against cyberattacks. Security teams should monitor all outward facing devices for potentially malicious activity, including telephony over IP applications and IoT devices.
Truck rental agency U-Haul said a hacker obtained the names and driver’s license numbers of customers who rented cars between November 5 of last year and April 5 of this year. They did it by hacking two unique passwords. That gives hackers access to the client’s contract search engine. In a copy of a letter sent to affected customers and filed with the State of Montana, U-Haul did not say how the password was compromised, nor how many customers were affected. .
Final, Apple has released iOS 16 for iPhone and iPad, as well as several security patches for previous releases. iOS 16 includes a Lockdown Mode, for executives, reporters, and others worried about targeted attacks. It restricts some unnecessary features so that attackers can compromise the device will have fewer ways.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to Flash Summary on your smart speaker.