Cancer Society web site hacked, blogs spreading sextortion and a hole in Adobe security.
Welcome to Cyber Security Today. It’s Wednesday October 30th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
The American Cancer Society is the latest organization whose web site has been infected by code that steals credit card and other information entered by customers. That’s according to a news report by Security Magazine. This particular site sells T-shirts for fund-raising. E-commerce sites get infected in a number of ways, including stealing or guessing administrator passwords. Another is by exploiting vulnerabilities in Magento, an e-commerce provider to many web sites around the world. Experts say there are several ways web site owners can make sure they aren’t hacked. First, make sure administrators have strong passwords and have to use multi-factor authentication to log in. Second, regularly verify that web site code hasn’t been altered. There are security software solutions that can be bought that do this, or you can simply run a regular checksum calculation on pages, which shows if something has changed.
Last week I reported that some web sites are getting extortion threats from an attacker claiming to be the threat group some experts call Fancy Bear. There was some suspicion because Fancy Bear, thought to be based in Russia, doesn’t raise money that way. Well, on Monday Microsoft put out a report on what Fancy Bear is usually accused of doing: Stealing information from governments and institutions. Microsoft says the group, which it calls Strontium, was behind attacks since mid-September on at least 16 national and international sporting and anti-doping organizations around the world. These attacks started just before the World Anti-Doping Agency, which oversees drug inspections on a number of athletes for competitions like the Olympics, announced it had started a formal compliance procedure against Russia’s Anti-Doping Agency. Just over a year ago a U.S. grand jury issued an indictment against seven officers in the Russian army’s intelligence division, accusing them of computer hacking and more to undermine the legitimacy of international anti-doping organizations who reported on Russian state-sponsored athlete doping programs. It is alleged they released information to reporters falsely under the name Fancy Bear Hack Team.
Last week I also reported on a hack over a year ago at virtual private network provider NordVPN. Yesterday the news site Bleeping Computer quoted the company saying it is beefing up its security.
Bleeping Computer is also reporting that attackers have found a new way to spread sextortion threats. They break into content management platforms such as Blogger and WordPress, which host a number of publications and blogs, to try to blackmail people. Usually sextortion threats are spread by email. But this campaign uses the stolen contact lists of blog subscribers. You’d get a message that seems to come from the blog site saying your account has been compromised, the hacker knows your password and has videos of you performing a sex act. The attacker demands you pay a ransom in bitcoin. Don’t fall for these threats. Report them to police. In addition, Blogger and WordPress administrators have to do a better job of protecting their passwords from being stolen. Again, you’ve got to use multi-factor authentication. Just a username and password isn’t enough to protect you from someone stealing your site.
Security researchers at Comparitech have discovered someone at Adobe left an Elasticsearch database for Creative Cloud subscribers open to the public. If someone had figured it out they could have accessed over 7 million email addresses of Adobe Creative Cloud users who subscribe to Photoshop, Lightroom, Premiere and other software. While no credit card or passwords could have been seen, attackers love getting their hands on email addresses. Employers that allow staff to use Elasticsearch have got to do a better job teaching them how to secure data.
Finally, if you own a router for connecting to the Internet made by MikroTik, make sure it has the latest patches. Vulnerabilities recently discovered could allow an attacker to get into your system. And remember to keep your eye on how long the manufacturer of your router supports the device. Just like Windows, after a while patches and upgrades stop. I’m telling you this because Carnegie Mellon University’s computer emergency response team just identified vulnerabilities in 10 routers made by D-Link. The problem is these are older units and no longer supported by the company.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.