British teens face Lapsus$-related criminal charges, an MFA warning and updates needed for Github, Rockwell PLCs and Apple devices.
Welcome to Cyber Security Today. It’s Monday, April 4th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Two of the seven young people recently detained in the United Kingdom for allegedly helping the Lapsus$ extortion gang now face criminal charges. The two, both teenagers, are charged with four counts of unauthorized access to a computer and one count of fraud. One 16 year old has also been charged with causing a computer to perform a function to secure unauthorized access to a program.
Separately, the SANS Institute is reminding IT leaders to train employees to be wary of techniques used by attackers to get around multifactor authentication. This is because one of the ways the Lapsus$ gang has been able to worm its way into victims’ IT systems is by exhausting an employee with MFA approval requests. Multifactor authentication login protection often involves setting up a cellphone to receive a text message with a six-digit code. Usually that code has to be entered on a separate device in addition to a username and password. However, some MFA systems let a user press an “Accept” button on the screens of their mobile device to send the code and complete the login. This is called a push notification. If a Lapsus$ gang member gets hold of a victim’s username and password, they bombard the victims’ phone with repeated multifactor code requests hoping the victim will get annoyed and just press ‘Accept.’ Sometimes attackers will try harassing employees when they’re sleeping, hoping they’ll just press the button and let them get back to sleep. With the code received, the hacker gets into the IT system. A commentary published Friday by researchers at the SANS Institute notes this tactic isn’t new. In fact sometimes hackers are smart enough to slowly send code requests. So where push notification is allowed employees have to be reminded not to fall for this trick – and if they get unexpected code approval requests it should be reported.
Attention developers using the Github application development platform: Security updates have been released for the Community and Enterprise Editions of the platform. Github says they have to be installed immediately. They fix a number of vulnerabilities. The most serious is the inadvertent setting of a hardcoded password for accounts using an OmniAuth provider like OAuth, LDAP or SAML. An attacker getting hold of the password can take over a Github user’s account and manipulate or destroy their work.
Attention industrial operational network administrators: If you have programmable logic controllers from Rockwell Automation in your environments they need to be patched immediately. Security researchers at Claroty have discovered two serious vulnerabilities in Rockwell’s Logix series of devices and in the Studio 5000 Logix Designer software for creating apps. These vulnerabilities can allow an attacker to modify code and therefore damage a systems’ operations.
How does the Internet keep working in war-torn Ukraine? In certain parts of the country it can’t. But according to the news site The Record, where they can rival telecommunication companies are now working together to share their networks and personnel to keep connectivity up.
Finally, Apple released important fixes for some models of iPhones, iPads and Macs. Usually they get installed automatically, but it doesn’t hurt to check.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.