A sex video site exposed, free incident and vulnerability response advice and a detailed look into the Conti ransomware gang
Welcome to Cyber Security Today. It’s Monday November 22nd. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
 |
 |
 |
Someone appears to have been careless with a database of users of the Stripchat adult video website. Security researcher Bob Diachenko says he found an unprotected database with a huge number of records of people who appear to be registered users of the site. Users can post videos of themselves in sexual situations. Information in the database includes email addresses, usernames and IP addresses. It isn’t clear who owns the database, but after Diachenko notified Stripchat it wasn’t openly available anymore. It isn’t known how long the database was open for anyone to find or whether anyone else found and copied it. If they did, as Diachenko notes, the information could be used to harass and threaten people. It’s another example of how companies have to make sure employees know how to safely handle sensitive information. It’s not uncommon for an employee to analyze a database or a subset of a database of corporation information. But there have to be security controls like password protection and the database not be linked to the internet.
Small or inexperienced IT departments have trouble setting formal procedures for handling two of the biggest issues they face: Responding to a cybersecurity incident, and responding to news of a software or hardware vulnerability in a product they use. The U.S. Cybersecurity and Infrastructure Security Agency this month released a document that may help. It has two playbooks: One for incident response and one for vulnerability response. These playbooks are checklists aimed at American federal government departments, but they can be used by any company. Standardized responses to problems are a key way to improve an organization’s cybersecurity maturity. There’s a link to the document in the text version of this podcast at ITWorldCanada.com. If you don’t see today’s podcast on the front page, look under the Podcast tab at the top. A hint: This podcast goes out at 5 a.m. Eastern, but the text version only goes live around 8 a.m.
More Americans are flying as COVID-19 restrictions are being lifted. So scammers are taking advantage by sending out phishing messages to people who may be enrolled in the TSA PreCheck program. This program allows fliers to go more quickly through airport screening. The emails look like they come from the government saying a person’s registration has to be renewed for a fee, paid through PayPal. But a report by researchers at a firm called Abnormal Security warns this is a con to steal money. This scam was first spotted earlier this year, and a new phishing message was seen this month. The thing is, some of these messages actually have a disclaimer saying they are not affiliated with the government. If you are a TSA PreCheck, Global Entry or NEXUS user and are concerned about the status of your registration, don’t click on an email link. Go directly to the website where you registered.
The Conti ransomware gang has victimized a number of big organizations since the fall of 2019. Now you can get at least a partial look at how it operates. A Swiss cybersecurity company called Prodaft recently was able to find and leverage a vulnerability in the gang’s recovery server. Last week it put out a report about what if found, including the IP addresses of possible gang affiliates. The information may help IT defenders better protect their organizations. A link to the report is in the text version of this podcast. A more detailed report has been shared with law enforcement agencies, which may help them go after the gang. This report follows the release in May of the Conti gang’s guides, training documents, images of its infrastructure and more by a disgruntled hacker who alleged he was owed money. A ransomware-as-a-service platform, Conti lets approved affiliates break into organizations, after which the affiliate can use the Conti strain of ransomware to encrypt the victim’s data, and the Conti infrastructure for exfiltrating data and receiving payments. It usually threatens victim organizations to release the stolen data unless it pays for data decryption keys. But cybersecurity reporter Brian Krebs last month reported that Conti is also now selling to other crooks the compromised access it has to victim firms so they can do the exploiting.
Finally, a radiology clinic in Utah last week notified over 580,000 current and former patients that their personal information may have been stolen recently by a hacker. According to the Bleeping Computer news service, the information may include patient names, addresses, dates of birth, Social Security numbers, health insurance policy numbers and possibly other information. As a result of the incident the clinic is offering impacted individuals complimentary credit monitoring and identity theft restoration services.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
