Another Linux ransomware strain found, a second data breach at Luxottica, a Canadian health unit forgets hard drives, and secure those SonarQube instances.
Welcome to Cyber Security Today. It’s Monday, November 9th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Windows isn’t the only operating system that can fall victim to ransomware. Security vendor Kaspersky has discovered a new piece of malware that targets Linux systems. It’s a version of a Windows ransomware strain called RansomEXX. Corporate victims of this malware have included the Texas Department of Transportation and printer maker Konica Minolta. The group behind this strain launches highly targeted attacks against large organizations. What makes it hard to detect is that, unlike other strains of ransomware, this one does not try to defeat anti-malware software or communicate with an outside command and control server. Both of those are signs that will tip off an IT team to an infection.
Three weeks ago I reported that a ransomware group called Nefilim had begun publishing stolen corporate data from the Luxottica eyeglass group. Luxottica owns large chains for buying prescription glasses, like LensCrafters and Pearle Vision. Now Luxottica has admitted there was a separate theft of data that happened in August. The online application that its stores use for making customer appointments was hacked. That means criminals may have got people’s names, contact information, health insurance policy numbers and doctors’ notes, including any health conditions. According to the Bleeping Computer news service, some people’s credit card and social security numbers may also have been copied. The notice doesn’t say how many people may have been affected or how far back the data breach goes.
Data breaches don’t always happen because of a cyber attack. Sometimes careless handling of physical things is responsible. For example, Canadian broadcaster CTV News reported over the weekend that a regional health unit in Ontario left behind documents and two computer hard drives with personal and health information when it moved to a new headquarters last spring. The Middlesex-London Health Unit says it was an accident. The two hard drives with information were among 80 hard drives left after the move. Seventy-two of the drives had been wiped and had no data. But one drive had caseload information for 530 clients of the infant hearing and blind-low vision programs, while the other hard drive included the names and contact information of 150 health unit volunteers. The health unit says it is satisfied no one viewed the data on those drives.
The FBI is warning software developers who use the SonarQube platform for inspecting software code for quality control that poor security practices are allowing hackers to steal their applications. This has been going on since April. The problem is developers aren’t locking down SonarQube suites that are open to the internet. Make sure to change the default SonarQube settings, particularly the default administrator username, password and port. SonarQube instances should be behind the corporate firewall. Users should have to log in to use this application.
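As an added illustration (not from the FBI notice or from this report), the Python script below audits a SonarQube settings file for the defaults mentioned above: the stock web port, listening on every network interface, and not requiring login. It assumes the settings are kept in a `sonar.properties`-style key=value file; the sample contents are constructed, and the default administrator credentials cannot be checked from this file and need a separate review.

```python
# Added example: flag SonarQube settings left at risky defaults.
# Assumption: settings live in a sonar.properties-style key=value file.

SAMPLE_PROPERTIES = """\
# constructed sample, not taken from a real server
sonar.web.host=0.0.0.0
#sonar.web.port=9000
sonar.forceAuthentication=false
"""

DEFAULT_PORT = "9000"        # SonarQube's stock web port
ALL_INTERFACES = "0.0.0.0"   # stock bind address: every interface


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of finding codes for settings still at risky defaults."""
    props = parse_properties(text)
    findings = []
    # A commented-out or missing port means the server uses the default.
    if props.get("sonar.web.port", DEFAULT_PORT) == DEFAULT_PORT:
        findings.append("default-port")
    # Binding to all interfaces exposes the UI wherever the host is reachable.
    if props.get("sonar.web.host", ALL_INTERFACES) == ALL_INTERFACES:
        findings.append("listens-on-all-interfaces")
    # Treat anything other than an explicit "true" as login not enforced.
    if props.get("sonar.forceAuthentication", "").lower() != "true":
        findings.append("login-not-enforced")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES):
        print(finding)
```

An empty result only means these three settings were changed; the instance still needs to sit behind the firewall and have its default administrator account replaced.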
Finally, tomorrow is Patch Tuesday, when Microsoft releases its monthly security fixes for Windows and other products.
That’s it for Cyber Security Today. Links to details about these stories are in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.