Bell division recovering from ransomware, a handy browser utility causes trouble, a vulnerability in Microsoft Teams and more.
Welcome to Cyber Security Today. It’s Monday, September 19th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A division of Bell Canada is still dealing with the effects of a ransomware attack. The website of Bell Technical Solutions, which installs internet and phone services in homes and small businesses in Ontario and Quebec, was still down on Sunday when this podcast was recorded. The Hive ransomware gang says it got into systems and copied data in August. Bell says the names, addresses and phone numbers of an unspecified number of customers who booked appointments were copied. It also says no information such as credit or debit card numbers, banking or financial data was accessed in the incident. A Bell spokesperson didn’t answer my question about how the attacker got past Bell defences.
The Hive ransomware group is also believed to be responsible for a recently-disclosed attack on a New York ambulance service. The Bleeping Computer news service says it’s seen information to make the connection with Hive. Patient names, insurance information and in some cases Social Security numbers were copied when Empress EMS was hacked in May. The ransomware was launched in July.
The desktop version of the Microsoft Teams collaboration application has a security hole, say researchers at Vectra AI. The application stores authentication tokens in clear text, making it vulnerable to attack if a threat actor gets hold of them. One possibility is that a hacker can bypass multifactor authentication. The researchers say Microsoft is aware of the issue but isn’t immediately fixing the app. So, they say, IT administrators should consider using the web-based version of Teams until the desktop version is updated. Linux administrators should note that support for Teams for Linux will end in December. Apparently the problem is in the Microsoft Electron framework used in Teams. So Vectra recommends developers using Electron make sure OAuth tokens are security stored.
Even the most helpful utilities on your computer can be a security threat. According to researchers at an application security provider called Otto, the enhanced spellcheck features for the Google Chrome and Microsoft Edge browsers are risky. If you enter a password into an online form — like a login page — and ask the site to show the password that information will be sent to Google or Microsoft for no good reason. Some websites such as AWS and the LastPass password manager have mitigated this vulnerability. The solution is for IT administrators to disable enhanced spell check in the Settings section of the browsers for all employees. Organizations should also consider disabling the ‘show password’ capability in their login pages, although this is supposed to be a feature to help people make sure they type in the right password.
Municipalities and buildings that use the Kingspan TMS300 CS water tank management system have been warned it has a serious vulnerability. The system allows maintenance experts to monitor tank levels through an app, an online portal or emails. However, a security researcher reported to the U.S. Cybersecurity and Infrastructure Security Agency that the system doesn’t properly restrict access to endpoints. An attacker could modify water tank settings without authenticating. Managers whose infrastructure uses this system should contact Kingspan for advice.
Here’s an update from Uber on a data breach reported last week. The company says there is no evidence the incident involved access to sensitive user data, such as trip history. Uber hasn’t said what was accessed.
Finally, your glasses may be a security risk if you’re on a business video call. University researchers in China and the U.S. say webcams can pick up the reflection of a computer screen in the glasses people are wearing under certain circumstances. Tests in a controlled lab show a system can be built with 75 per cent accuracy that can read text from that reflection if the font is big enough. If what’s on screen is sensitive corporate or personal data, that could be valuable to a threat actor. And, the researchers say, as higher-resolution webcams come on the market the risk could get bigger.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.