List of U.S. government departments hacked gets longer, ransomware hidden in fake CyberPunk app and more
Welcome to Cyber Security Today. It’s Friday December 18th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The fallout continues from the discovery last weekend that updates to SolarWinds’ Orion network management platform used by major companies and governments had been hacked. According to the news site Politico, on Thursday officials in the U.S. Congress were notified suspicious activity has been spotted on computer networks of two major American nuclear research labs, the Office of Secure Transportation and the Federal Energy Regulatory Commission. The suspicion is access was gained through compromised Orion software. This week officials said they found evidence of a number of U.S. government department networks being hacked by the same group, including the Department of Homeland Security. However, officials caution the attackers have also been using other ways of getting into systems besides Orion. As evidence of that a security firm called Volexity reports that one of its clients, a U.S. think tank, was recently compromised three times. The attack group used the Orion vulnerability once, but different methods the other two times.
UPDATE: Microsoft, which uses Orion, said late Thursday that it has found evidence of malicious SolarWinds binaries in its system.
Later this afternoon on the Week In Review podcast I’ll be talking with Terry Cutler of Cyology Labs about the implications of the Orion hack, as well as the theft of customer data from a Canadian credit union.
The game CyberPunk 2077 is pretty popular. But if you want the Android version make sure you get the real game on the real Google Play website. A researcher at security firm Kaspersky reports that someone is pushing a corrupted version of the game on a fake Google Play website that infects victims with ransomware. This follows the release of a ransomware-infected Windows version of the game. If you want a game make sure it comes from a safe source. Stay away from pitches for free copies of games.
Attention WordPress administrators: Another vulnerability in a plugin for this content manager has been found. This time it’s the app called Contact Form 7, which allows users to create and manage forms for contacts. The vulnerability allows an attacker to upload malicious files to a web server bypassing any uploading restrictions. There’s a security update available and it should be installed fast.
Attention security professionals. If your firm uses Trend Micro’s InterScan Web Security Virtual Appliance install the latest patches. They close several major vulnerabilities.
Attention software developers: If you use the Bouncy Castle open-source cryptography library for creating secure applications make sure you update the apps to the latest version. A serious vulnerability has been found that could allow passwords to be cracked.
That’s it for now. Remember the Week In Review podcast will be available later this afternoon. Listen on your way home or on the weekend.
Details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.