Cyber Security Today, July 18, 2022 – Ransomware targets small businesses, warnings for Digium Elastix and Netwrix Auditor administrators, and more


Welcome to Cyber Security Today. It’s Monday, July 18th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


My thanks to Jim Love for filling in while I took last week off. It’s good to be back. So here’s some of the latest news:

Small businesses often think — wrongly — they’re not targets of hackers. In fact, they are in the cross-hairs of a number of threat actors. And according to Microsoft, one of them is a group based in North Korea that’s spreading ransomware. The group, which calls itself H0lyGh0st, has been compromising small and medium-sized businesses in a number of countries since last September. Victims include banks and schools. Organizations of all sizes can protect against ransomware, and all types of cyber attacks, by only using up-to-date and patched software, forcing all employees to use multifactor authentication for logins, deploying antivirus or antimalware protection and limiting access to sensitive data to only those who need it.

Attention IT communications managers: Organizations using the Digium Elastix voice-over-IP PBX system are being targeted by threat actors. According to researchers at Palo Alto Networks, the attackers are trying to install a web shell on the system’s web server. The report doesn’t detail how systems are initially attacked. But your firewalls and threat detection applications have to be configured to protect against this intrusion.

Attention IT managers: A vulnerability in Netwrix Auditor, which is IT asset auditing software, could allow an attacker to compromise a system. That’s according to researchers at a firm called Bishop Fox. Ultimately the attack could lead to the compromise of an Active Directory domain. Administrators are urged to update to version 10.5 of Netwrix Auditor.

Many mobile apps are rushed to market with security holes, if a recent study done for mobile security firm Approov is accurate. Half of 302 security directors and mobile application development professionals in the U.S. and the U.K. said their organization may ship apps with known insecurities. Two-fifths of respondents said their organization’s security processes for third-party and in-house developers are weak and insufficient. In addition, 60 per cent of respondents said that they don’t have visibility into runtime threats against mobile apps and APIs. Given the security risks it’s a mystery why developers rush mobile apps to market.

Application developers using open source packages on GitHub should look for and trust ones that are actively maintained. Those that aren’t are possibly linked to malware. GitHub provides metadata called commits on the history of packages. But a report by researchers at Checkmarx warns that timestamps on commits can be easily manipulated because they aren’t verified. As a result a threat actor could post a package and make it look like it’s been active for a long time. Not only that, the identity of the committer can be spoofed. The report urges developers to use GitHub’s Commit Signature Verification feature to sign their commits and help improve confidence in package data.
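One way to see how much of a package's history is backed by signatures, as an added example that is not from the Checkmarx report or from GitHub: the script below reads the output of `git log --format='%H %G? %ae %aI'` and lists the commits whose author and date are unverified claims. The sample log, its hashes and its e-mail addresses are constructed for illustration.

```python
from collections import Counter

# Meaning of the status codes printed by git's %G? placeholder.
STATUS = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good, unknown validity",
    "X": "good, signature expired",
    "Y": "good, key expired",
    "R": "good, key revoked",
    "E": "cannot check, missing key",
    "N": "no signature",
}

# Constructed sample, not from a real repository. Each line is what
# `git log --format='%H %G? %ae %aI'` prints: hash, signature status,
# author e-mail, author date (hashes shortened here for readability).
SAMPLE_LOG = """\
9f3c2aa G alice@example.org 2022-07-10T09:12:00+00:00
51d07be G alice@example.org 2022-07-02T14:30:00+00:00
c4e81f0 B alice@example.org 2022-06-28T08:00:00+00:00
07ab93d N alice@example.org 2016-03-15T11:45:00+00:00
e2d6b14 N bob@example.org 2015-01-04T17:20:00+00:00
"""


def audit(log_text):
    """Count commits per signature status and list those lacking a good signature."""
    counts = Counter()
    unverified = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4 or parts[1] not in STATUS:
            raise ValueError(f"unexpected log line: {line!r}")
        commit, code, email, claimed_date = parts
        counts[code] += 1
        if code != "G":
            # Author and date on these commits are claims nobody has vouched for.
            unverified.append((commit, STATUS[code], email, claimed_date))
    return counts, unverified


if __name__ == "__main__":
    counts, unverified = audit(SAMPLE_LOG)
    print(f"{counts['G']} of {sum(counts.values())} commits carry a good signature")
    for commit, status, email, claimed_date in unverified:
        print(f"{commit}  {status:<26} {email}  claims {claimed_date}")
```

A good signature ties a commit to a key; the date inside the commit is still whatever the signer set.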

Finally, LendingTree, an American online loans assistance platform, has confirmed private information of 70,000 users was left open on the internet in February. The platform told The Record cybersecurity news service that a code vulnerability led to the exposure of the data that included customers’ names, dates of birth, Social Security numbers and addresses. At the same time LendingTree denied claims that loan application data on 200,000 people being sold on the dark web came from its platform.

Remember, links to details about podcast stories are in the text version at ITWorldCanada.com.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
