Queen’s death exploited by phishing scam, new Linux backdoor found, and more.
Welcome to Cyber Security Today. It’s Friday, September 16th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The death of Queen Elizabeth is being exploited by crooks. That’s according to researchers at Proofpoint. Someone is sending email messages pretending to be from Microsoft inviting victims to a so-called “interactive AI memory board” to honour the late monarch. The memory board supposedly organizes millions of words and photos to commemorate the Queen. To take part, victims are asked to log in with their Microsoft usernames and passwords — which are promptly captured by the crooks. The scam can bypass multifactor authentication.
Here’s another sign that cyber attacks are getting worse: Fifty-six per cent of 300 cybersecurity professionals recently surveyed said they’ve seen a doubling in threat levels in the past year. Forty-eight per cent said the level of threat activity has increased since Russia’s invasion of Ukraine. The survey was done by security vendor DomainTools. It also showed more than 60 per cent of respondents said active threat hunting — rather than being defensive — helped them identify indicators of compromise for immediate response or blocking of attacks.
Researchers at Necrium Security have found vulnerabilities in two models of WiFi access points from Japanese manufacturer Contec. The FX3000 and FX2000 devices are used by a number of companies, including airlines. Exploiting the hole could lead to data plagiarism, falsification and system destruction. IT administrators with these devices in their networks should install the latest firmware.
The Los Angeles public school district has given its superintendent the temporary power to hire anyone without public tender to help deal with the aftermath of a ransomware attack that started over the Labour Day weekend. The emergency power will last 12 months. The hackers left behind tripwires with the potential to set off another chain of damage or compromised information, the school board says.
Finally, a Linux variant of the SideWalk backdoor implant has been discovered. Researchers at ESET believe it’s being used by an advanced threat group it calls SparklingGoblin. This particular backdoor was used to compromise a Hong Kong university earlier this year, researchers say. It differs from the Windows version in that it leaves some unique fingerprints and is therefore easier to detect. There’s a link in the text version of this podcast to the ESET report with more details.
That’s it for now. But later today the Week in Review edition of the podcast will be out. This week’s guest commentator is Terry Cutler of Montreal’s Cyology Labs. We’ll talk about ransomware, what IT security leaders can do if they are told to cut costs and why a British bank asked iPhone customers to turn off automatic iOS updates.
Remember, links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.