Data on over 340 million people exposed so far this year.
Welcome to Cyber Security Today. It’s Friday, April 28th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The year is only four months old and so far almost 340 million people have been affected by publicly reported data breaches or leaks. Of that number, 235 million were the usernames and email addresses of Twitter users leaked in January. The second largest leak was the theft of data on 37 million subscribers of American wireless carrier T-Mobile. These numbers are according to a public data breach tracker created by the U.K. news site The Independent.
Hackers continue finding ways of getting cash by breaking into cryptocurrency wallets. According to the TechCrunch news site, the latest victims have email accounts with American provider AT&T. Somehow the attackers were able to use the option allowing users to create digital mail keys for email accounts so they don’t have to log in with a password. With the keys the hackers logged into victims’ accounts and reset their passwords for certain services, including, if they have one, their crypto accounts. One victim said he lost US$135,000 in cryptocurrency. AT&T told TechCrunch it has now updated its security controls to stop this unapproved access. The hacker used an API for access, AT&T said.
A hacking group that researchers call FIN7 is going after servers running Veeam Backup and Replication. That’s according to experts at WithSecure. They aren’t sure, but assume the group is looking for servers that haven’t been patched with a recently issued update. IT departments need to ensure unwanted PowerShell scripts aren’t lurking on their systems and that all applications are running the latest versions of software.
VMware has issued security updates for VMware Workstation and Fusion. These close four critical vulnerabilities involving connecting to Bluetooth devices. A malicious actor with local administrative privileges on a virtual machine can exploit this issue.
Administrators running Apache Superset, an open-source data visualization and exploration tool, are being warned to install the latest update. The problem is many are running with the default configuration that exposes a default digital key. That’s not important if the tool isn’t open to the internet. But researchers at Horizon3 AI say some 2,000 servers are both open to the internet and running with the default configuration. The risk is a skilled attacker can log in as an administrator by forging a session cookie, then access the rest of the IT infrastructure. The problem is solved by installing the update and changing the default password.
Finally, a word for users of Google’s Authenticator app for two-factor authentication: the app has recently added the option of account synchronization, which backs up the 2FA data to the cloud. That way your access can be restored to a new phone. However, researchers at Sophos say synchronization isn’t safe yet. That’s because it doesn’t have a passphrase capability, nor is synchronization offered with end-to-end encryption. We’ll keep you informed when it’s safe.
That’s it for now. But later today the Week in Review edition will be available. Guest David Shipley of Beauceron Security and I will discuss the new super-penetration test major Canadian banks and insurance firms will have to undergo and whether other industries should adopt it.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.