Millions of Americans caught in MOVEit hacks, the latest DDoS news, and more.
Welcome to Cyber Security Today. It’s Monday, June 19th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
Millions of people in the U.S. states of Oregon and Louisiana have become victims of hacked databases from organizations using Progress Software’s MOVEit file transfer application. Oregon’s Department of Transportation said data on 3.5 million residents of the state was copied. It can’t say specifically what was copied, but those with active Oregon ID or drivers’ licences should assume related information was involved. Meanwhile Louisiana’s Office of Motor Vehicles said all residents with a state-issued driver’s licence, ID or car registration had personal data copied. That includes their names, addresses, Social Security numbers and birth dates — in other words, a lot of the info needed to create phony identities.
The Clop ransomware gang is claiming it has used a vulnerability in MOVEit to steal data from a large number of organizations. It listed over two dozen of them on its data leak site. In response the U.S. government’s Rewards for Justice program tweeted that it’s offering up to US$10 million for information linking the Clop gang to a foreign government.
In a March podcast I reported that the U.S. discovered threat actors had exploited a 2019 vulnerability in Progress Software’s Telerik application development platform. That allowed the attackers to get inside a government Microsoft internet server. Well, last week the government revealed hackers had also exploited an unpatched 2017 vulnerability in Telerik in an unnamed federal department server. IT leaders, please make sure your department has a rigorous patch management program. It has to start with discovering all the software assets you have.
Cybercrime police in Poland have blocked a distributed denial of service operation based in their country and detained two people. The service had been running since 2013 from a server based in Switzerland. In addition to shutting the service police seized a lot of data, 15 hard drives and other interesting evidence. The action was part of the international Operation Power Off that goes after DDoS for hire services. According to Wikipedia, since last year the operation has shut 48 websites offering DDoS services.
Meanwhile Microsoft acknowledged that slowdowns in some online services in June were caused by DDoS attacks. It has blamed the attacks on a group it nicknames Storm-1359, which it says has access to a number of botnets for launching massive flows of traffic against websites.
More DDoS news: A threat group calling itself Diicot has added the ability to conduct DDoS attacks. That’s according to researchers at Cado Security. The particular botnet it created goes after vulnerable routers running the Linux-based OpenWrt operating system. The Cado report has more about this group’s tactics and techniques, including its ability to go after SSH servers exposed to the internet by trying to brute-force credentials.
I’ve warned before of the dangers of allowing employees to download unapproved browser extensions. Here’s the latest reason why: Researchers at HP Wolf Security have discovered a new malicious Chrome extension. It gathers personal information such as search queries, and it pushes ads into browser sessions. The researchers dub the campaign spreading this malware Shampoo. Often employees get tricked into getting the extension after downloading a free movie, video game or unapproved content. Where possible browsers have to be locked down to prevent the downloading of unapproved extensions. In addition staff have to be regularly reminded this is forbidden.
The European Commission has urged EU countries to move faster on stopping high-risk telecom equipment suppliers such as Huawei and ZTE from being part of their nations’ 5G networks. This comes after the release last week of a progress report on the implementation of the EU Toolbox on 5G cybersecurity. Out of 24 countries that have adopted or are preparing legislative measures allowing them to assess 5G network suppliers, the report says only 10 have actually imposed restrictions. Three other countries are working on updating their legislation. The action comes after years of worries from many countries that Chinese companies are obliged under law to co-operate with the government’s intelligence agencies.
Finally, did you use Google for an internet search between October 25th, 2006 and September 30th, 2013? If so, you have until July 31st to file a claim under the settlement of an American class action lawsuit. It resolves allegations that Google violated its own privacy policy by selling users’ search queries and histories to other companies. Google has set aside US$23 million under the settlement. Each applicant will receive $7.70. Under the settlement Google doesn’t admit wrongdoing. It does agree to revise its publicly-posted statements on how and when Google search queries may be disclosed to third parties.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
