Public hearings on the Rogers outage start today, a data breach at Entrust and patches issued for SonicWall and Confluence products.
Welcome to Cyber Security Today. It’s Monday July 25th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A televised parliamentary hearing starts this morning into the cause of this month’s huge Rogers internet and wireless outage. First up will be Industry minister François-Philippe Champagne and officials from his department. They may be questioned about the effectiveness of the government’s work with Rogers and other telcos on emergency preparedness. The government established the Canadian Telecom Resiliency Working Group years ago to help telcos work on network resiliency.
Next up will be Rogers officials, who will be asked about the root cause of the July 8th collapse of service. I have a story summarizing a lengthy Rogers explanation to the telecom regulator, the CRTC. In that document Rogers blamed the outage on a maintenance update that deleted a routing filter, which caused its internet traffic distribution routers to be overloaded. But Rogers also insists everything done before the code was installed was well-tested, validated and followed established procedures. In the public version of the Rogers submission there is an explanation of the root cause. But the CRTC, which released the document, blanked that section out. It also blanked out the section where Rogers explains what it is doing to prevent a repeat of the crash. Those blanks may be filled in during the hearing.
Rogers may also be asked why there was an apparent single point of failure in its network design, and why only now is it working to segregate its wireless and internet networks.
Also scheduled to testify are CRTC officials, who may be asked if its oversight failed because Rogers wireless subscribers couldn’t call 911 when its network went down.
Finally, other experts will testify about their view of how the lack of competition among Canadian telecom providers might have contributed to the outage.
Entrust, one of the biggest providers of digital identity protection and secure payment solutions, has been hit by a data breach. According to the Bleeping Computer news service, the attack happened last month. Entrust customers, which include governments and businesses, were told earlier this month. It isn’t known if only Entrust corporate data was stolen or if customer data was also involved. The news service quotes a security industry executive saying a ransomware gang got into Entrust’s system by buying and using compromised login credentials of Entrust employees.
On Friday morning’s podcast I told you about a new version of the Qakbot malware that appears to be a Microsoft Write file. Researchers at Cyble have discovered the gang also has another trick for distributing and installing its malware. Victims who are fooled into clicking on an infected attachment will download a password-protected zip file. When the victim tries opening the file it appears to be an Acrobat PDF document. There’s a supplied password the victim has to use to view the file. If they do that, malware gets installed. Employees have to constantly be reminded of the dangers of clicking on links in emails and be trained to spot suspicious links. IT security teams have to make sure their antivirus and antimalware solutions can spot this kind of attack.
SonicWall has issued an urgent patch for a flaw in its Global Management System software for managing the company’s firewalls, email security and remote access devices. This fixes an SQL injection vulnerability. SonicWall recommends administrators install the patch immediately.
Microsoft has resumed default blocking of Visual Basic for Applications office macros obtained over the internet. It had temporarily stopped the security precaution, which is aimed at preventing infected macros from automatically running. Now it has updated its advice for IT administrators about the options they have for blocking macros through a Group Policy. End users will see a clearer message that a potentially dangerous macro has been blocked.
Finally, Atlassian, which makes the Confluence team collaboration suite, has warned firms there’s a major vulnerability in the Questions for Confluence app. Not all companies use this capability. But if they do and they are migrating data to the Confluence Cloud, an account gets created with a hardcoded password and membership in the users group. That will allow anyone who knows where to find the password to view and edit non-restricted messages. Now that this vulnerability is known, administrators have to install a patch. Note that if the Questions for Confluence app has been uninstalled the vulnerability may still be there. Check the Confluence advisory for details on affected systems.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.