Patch SysAid software fast, how Ukraine’s power system was crippled by Russia and more.
Welcome to Cyber Security Today. It’s Friday, November 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
IT departments using the on-premise versions of SysAid’s IT support software need to patch these applications immediately. This is to close a serious zero-day vulnerability found by Microsoft. Already a ransomware-deploying threat group that Microsoft calls Lace Tempest is looking for unpatched systems. Administrators need to be running SysAid version 23.3.36.
Security experts around the world are watching the cyber war between Russia and Ukraine for lessons. The latest comes from an examination by researchers at Mandiant into an attack last October on Ukraine’s power grid by the Russian-based Sandworm gang. The target was a power substation. Circuit breakers were remotely tripped, causing a power outage at the same time as missiles hit Ukraine’s critical infrastructure. Then an IT data wiper was deployed. It’s an example of the damage an attacker can do if they get access to an operational technology network. There’s a link to the full report in the text version of this podcast at ITWorldCanada.com.
Singapore’s Marina Bay Sands hotel and casino suffered a cyber breach last month. Data on about 664,000 members of the resort’s rewards program was stolen. That includes names, email addresses, country of residence and phone numbers. The resort is owned by the Las Vegas Sands Corp., which has properties in Macao and Singapore.
Last Friday I reported that threat actors are trying to exploit a recently disclosed vulnerability in Citrix’s NetScaler Application Delivery Controllers and NetScaler Gateways. For those who didn’t get the message, this week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged network administrators to patch these appliances fast. The vulnerability is nicknamed Citrix Bleed.
In May California’s Pacific Union College revealed it had been hit by a ransomware attack. Now the size of the attack is also being revealed. The college is sending out notices to over 56,000 people that their data was stolen in the March attack. For some the data stolen included their credit or debit card number.
Failing to patch your IT systems within a reasonable period can cost a lot of money, not only for fixing a data breach but also in regulatory fines. The latest example came this week when a radiology firm that provides IT services to medical clinics had to pay $450,000 to New York State for a data theft in 2021. Eleven months earlier SonicWall issued a patch for a firewall vulnerability. For the radiology firm to plug the hole it needed to install a new version of the firewall, which it planned to do in July. But things got delayed. Five months later the hacker got in, possibly by exploiting the vulnerability, and copied personal and health information of just over 198,000 patients.
The ability to create an online quiz in Google Forms is being used by crooks in a new bitcoin scam. That’s according to researchers at Cisco Systems. The idea is to hide the true nature of this quiz because to antivirus tools it looks like it came from Google. Targets receive an email that looks like it came from a legitimate source asking them to participate in the quiz, including letting the form collect their email address. Eventually the victim gets sent to a website that claims they have bitcoin in their wallet. When people try to get the currency they have to enter personal information — and pay a small “exchange fee.”
That’s it for now. But later today the Week in Review podcast will be available. Guest commentator David Shipley of New Brunswick’s Beauceron Security will be here to discuss Okta’s explanation of a recent hack, Cloudflare’s explanation of a recent service outage, the importance of disaster recovery, the future of cybersecurity spending and Europe’s coming cybersecurity product compliance law.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.