Ransomware is targeting VMware’s hypervisor, hospitals are attacked and more.
Welcome to Cyber Security Today. It’s Monday, February 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Ransomware gangs are going after organizations running unpatched versions of VMware’s ESXi hypervisor. The warning comes from France’s computer emergency response team. VMware says the problem is in OpenSLP, an open-source component of the hypervisor that has a heap-overflow memory vulnerability. The solution is to install updates as soon as possible to plug this hole. Patches were available two years ago. VMware also recommends disabling the OpenSLP service if it isn’t being used.
Update: Italy’s national broadcaster, RAI, said government officials were to meet Monday to discuss a warning about this vulnerability from the computer security incident response team of the country’s National Cybersecurity Agency (ACN). It issued an alert about “massive” network exploitation. The ACN technicians have already surveyed “several dozen probably compromised national systems,” RAI said.
Breaking news: The top U.S. cyber diplomat says one of his Twitter accounts was hacked. According to CNN, Nate Fick, the American “ambassador-at-large” for cyberspace and digital policy, used his personal Twitter account to announce the news.
Two American companies offering businesses and individuals the ability to check public records on customers, friends or anyone have admitted they were hacked recently. These background check online services, owned by the same firm, are Truthfinder and Instant Checkmate. Lists of people using either service between 2011 and 2019 were copied. The data includes subscribers’ names, emails, and telephone numbers in some instances, as well as encrypted passwords and expired and inactive password reset tokens. According to Bleeping Computer, this information began being peddled on a hacking forum on January 21st. It is claimed the combined data is on 20 million people who used the services.
A company that makes mobile apps used by individuals to snoop on their lovers and others will have to pay US$410,000 to New York State for illegally promoting spyware. The apps were promoted as being legal, but installing these apps without people’s knowledge violates U.S. federal and state laws. In addition to the penalties, the apps have to be modified to alert people that their smartphones are being monitored. The apps being marketed are called Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint and Turbospy.
Your company’s IT hardware and software partners are vital. They are also a possible cybersecurity risk. How big? Researchers at SecurityScorecard figure 98 per cent of organizations have a relationship with at least one third-party software supplier that had a data breach in the past two years. Third parties make your business applications. Fourth parties are the thousands of partners these third-party companies have relationships with. The report says half of all organizations have indirect relationships with at least 200 fourth parties that have had breaches in the last two years. Now, these breaches may not have had an effect on your firm. But the point of the report is to make you think about your firm’s indirect exposure to risk. What should your security team be doing? Understanding the cyber risk of your IT partners — and their partners.
Coincidentally, the U.S. Cybersecurity and Infrastructure Security Agency just opened a cyber supply chain risk management office to help federal departments and agencies with this problem.
Some hackers will go after anything online, including a suicide prevention phone line. The U.S. has acknowledged that a December 1st day-long outage of the American 988 emergency phone system was caused by a cyberattack on the service’s provider. The text and chat service was still available until service was restored. The Associated Press says it isn’t publicly known who launched the attack. People in distress in the United States can call 988 and reach a crisis support worker. Last week two members of Congress introduced a bill calling for better co-ordination and reporting of cyberattacks on the 988 system.
Meanwhile, a Tennessee hospital is still recovering from a cyberattack last week. As of Sunday, Tallahassee Memorial HealthCare was still diverting some emergency patients from the hospital. As a precaution, all IT systems were taken offline Thursday. Also last week a Maryland TV station reported that Atlantic General Hospital suffered a ransomware attack.
Google is still working on a solution to close a vulnerability in managed Chromebook deployments by school boards and organizations. Security researchers at the Mercury Workshop Team found a way users can unenroll their Chromebooks from the Google Admin management suite. That would allow a user to install anything on the computers in violation of corporate rules. The SANS Institute notes that Chromebook administrators will for the time being have to monitor machines to make sure they stay enrolled.
Staying with Google, security researchers at Spamhaus Technology say crooks are increasingly using Google Ads to deliver malware. They’re doing it by creating ads for products like Adobe Reader, Gimp, Microsoft Teams, OBS, Slack and the Thunderbird email client. Unsuspecting people using Google to search for these applications are clicking on the first results, which are Google Ads and not the real home pages of the developers. Victims are ignoring the word ‘Ad’ beside the link. This is a two-part problem: One is Google — and other browser makers — need to scan their ads better. The second is the need for better security awareness training for everyone.
Finally, the cyber attackers who last month stole a subscriber database of the French satirical magazine Charlie Hebdo are based in Iran, according to Microsoft. The group, which calls itself ‘Holy Souls’, is believed to have attacked the magazine as a response to it starting an international competition for cartoons ridiculing Iran’s Supreme Leader. The threat group has put what they say is a cache of stolen data including names, phone numbers, home addresses and email addresses up for sale on several hacker forums.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.