A warning for end-of-life Cisco routers, another wave of ransomware attacks on QNAP devices and more.
Welcome to Cyber Security Today. Monday, June 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
IT departments keep out-of-date products at their peril. Hackers will quickly find and exploit unpatched devices to slip into networks and steal data. So when a manufacturer says a product no longer gets support it must be replaced. This comes to mind because Cisco Systems has found another serious vulnerability in some of its end-of-life Small Business RV routers. These are the models RV-100W, 130, 130W and 215W. The bugs won’t be fixed. There are no workarounds. If you have these on your networks they have to be replaced.
A new ransomware campaign going after vulnerable QNAP network-attached storage devices has been spotted. The Bleeping Computer news site says samples of the ech0raix ransomware submitted by QNAP users to the ID Ransomware platform have increased recently, a sign of an increase in activity by hackers. That platform is used to identify strains of ransomware found in systems. It isn’t known how the latest campaign is spreading — by email, text messages or other tactics. But QNAP has been warning those overseeing or using its devices to make sure administrative accounts have strong passwords, to enable IP Access Protection, to avoid using default port numbers 443 and 8080, and to disable Universal Plug and Play port forwarding.
A Quebec court has approved a $200 million settlement of a class-action breach of privacy lawsuit against Montreal’s Desjardins Group. It stems from the theft of data of over 9 million current and former customers by an employee between 2017 and 2019. If you were impacted as of June 2019 you can claim up to $90. If your identity was stolen after January 1st, 2017, you can claim up to $1,000. Data was copied by an unnamed staffer in the marketing department onto a USB stick and then allegedly sold to a private lender. It included first and last names, dates of birth, social insurance
A Russian-based botnet of 325,000 compromised devices behind the hacking of millions of computers has been taken down by law enforcement authorities in the U.S., the United Kingdom, Germany and the Netherlands. The botnet is known as RSOCKS. Devices were usually compromised through brute force attacks that cracked poor passwords. RSOCKS enabled the sale of a hacked device’s IP address to crooks, who could use it to hide the source of malicious internet traffic. But with the consent of some owners of compromised devices, government-controlled honeypots were installed on networks. They were infected with RSOCKS. That would have helped investigators gain intelligence, which ultimately led to the dismantling of the botnet infrastructure.
Finally, industrial network administrators using Siemens SINEC network management system who haven’t upgraded the suite to the latest version better do so fast. That’s because security researchers at Claroty have revealed the discovery of 15 vulnerabilities that could be used by an attacker to break into the network. They also revealed a proof of concept of how it could be done. The SINEC system manages internet-connected industrial networks running pipelines and factories. Claroty discovered these holes last year and notified Siemens. The researchers are only now publicly revealing details after Siemens released the patch last October. For those who haven’t got the message, you should be running version 1.0 SP2 Update 1 or higher of SINEC.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.