Cyber Security Today, July 3, 2023 – The latest ransomware news, a warning to WordPress Ultimate Member administrators, and more


Welcome to Cyber Security Today. It’s Monday, July 3rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


This is the Canada Day holiday here, so if you’re listening, thanks for taking the time on your day off.

The Lockbit ransomware gang is demanding US$70 million from the Taiwan Semiconductor Manufacturing Company. News reports say the company has confirmed there was a cyber incident but not one it suffered directly. An attack at one of the company’s IT hardware suppliers, Kinmax Technology, led to the leak of what Taiwan Semiconductor said was “information pertinent to server initial setup and configuration.” The incident has not affected Taiwan Semiconductor’s business operations or compromised any customer information, the company said.

Ransomware gangs often get into victims’ networks using stolen passwords or exploiting unpatched software. But tricking employees into downloading malware through cloned web pages of legitimate companies is another tactic. Researchers at Trend Micro recently found threat actors, including the BlackCat ransomware gang, are using this tactic. It starts with malvertising — advertising a phony site on a search engine. In one case crooks are looking for people searching for the open-source file-sharing application called WinSCP. Victims get fooled into going to the cloned site, where they download an infected version of the software, which leads to the installation of ransomware or other malware. Security awareness training of employees about what they can and can’t download, and how to safely choose what to download, is vital to stop this kind of compromise.

Avast has released a free decryptor for the 2023 Akira ransomware. It will help IT leaders whose data have been encrypted by that strain. It only works for the Windows version. Avast is working on a native Linux version of the decryptor. Until then the Windows version will work on Linux using the open-source WINE emulator, which allows Windows applications to run on Linux.

WordPress administrators using the Ultimate Member plugin are being warned of a serious vulnerability. That hole, which allows a hacker to create new user accounts with administrative privileges, was supposed to be patched in version 2.6.6. However, researchers at WPScan say it may not have been fixed. Administrators should think about whether this plugin should be disabled until they are sure the vulnerability is fixed.

IT administrators at U.S. federal departments have been slow to follow a June 13th order to secure their IT networks. That’s according to researchers at a cybersecurity company called Censys. The goal of the order is to shut remote internet access off to devices like firewalls, routers, switches, load balancers, and server management consoles. These devices should only be accessed by first logging into a secure internal government network or by securing the remote interface as part of a zero-trust architecture. But two weeks after the order from the U.S. Cybersecurity and Infrastructure Security Agency the researchers found nearly 250 web interfaces to hardware and software were still open to being compromised by hackers. In response to the report the agency said it is working with federal IT departments to move faster.

A deputy U.S. Marshal has pleaded guilty to using his access to a law enforcement service to find people for personal reasons. The Justice Department alleged the Marshal abused his authority by using an online service meant only for authorized law enforcement purposes to get cell phone data, and then lied about why it was done. He pleaded guilty to unlawfully obtaining confidential phone records.

Finally, police in Europe have broken a criminal network defrauding elderly people in a phone scam. The gang called people in Germany and Poland pretending to be police, saying they were holding a relative responsible for a car accident that resulted in injuries or death of other persons. The phone was then handed to an accomplice who would pretend to be the relative and start crying or screaming, begging for money or they would be detained. A person would be sent to the family’s home to collect the cash. This person was often recruited online from a job platform and didn’t realize they were involved in a criminal conspiracy. Similar scams happen in Canada and the U.S. The alleged head of this gang was arrested in London. One lesson: Beware of online job offers with vague descriptions, especially ones where you’re asked to pick up a package from one place and deliver it to another – or pick up cash and put it into a bank account.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. And for our American listeners, have a great Independence Day.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
