Patch for OMIGOD vulnerability, a list of ransomware exploits and prison for AT&T scammer.
Welcome to Cyber Security Today. It’s Monday September 20th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
One lesson IT managers have to learn is that threat actors jump on news of the latest vulnerability to launch their attacks. Proof of that is in a news report that hackers are already trying to exploit a hole in Linux virtual servers running on Microsoft’s Azure cloud platform. The vulnerability is dubbed OMIGOD because it’s a hole in the O.M.I. (Open Management Infrastructure) agent that Azure installs on Linux virtual machines. An attacker could take over Azure Linux servers through that hole. A story I wrote on Friday for ITWorldCanada.com outlined Microsoft’s advice to IT administrators running Linux virtual servers on Azure on what they need to do.
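As an added example (not code from the podcast, nor from Microsoft), here is a POSIX shell check an administrator could run on an Azure Linux VM to see whether the installed OMI agent is older than the fixed release and whether OMI’s remote-management port is reachable. It assumes the fixed release is 1.6.8-1 (the version Microsoft’s guidance named), that OMI is installed as the package `omi` through dpkg or rpm, and that OMI remote management listens on TCP 5985 and 5986; the version-comparison helper is a plain numeric field-by-field compare, not a packaging-tool API.

```shell
#!/bin/sh
# Added example, not code from the podcast or from Microsoft: check an Azure
# Linux VM for an OMI agent older than the fixed release and for OMI listening
# on its remote-management ports.
# Assumptions: the fixed release is 1.6.8-1 (the version Microsoft's guidance
# named); OMI is installed as the package "omi" via dpkg or rpm; OMI remote
# management listens on TCP 5985 (HTTP) and 5986 (HTTPS).

OMI_FIXED_VERSION="1.6.8-1"

# version_field VERSION N: print the Nth numeric component of VERSION, where
# both "." and "-" separate components ("1.6.8-1" -> 1 6 8 1). A trailing
# separator is appended so cut never echoes a separator-free string whole.
version_field() {
    printf '%s\n' "$1." | tr '.-' '  ' | cut -d' ' -f"$2"
}

# omi_needs_patch VERSION: exit status 0 when VERSION is older than
# OMI_FIXED_VERSION, 1 when it is equal or newer. Missing components count
# as 0, so "1.6.8" (no release number) is treated as 1.6.8-0 and flagged.
omi_needs_patch() {
    i=1
    while [ "$i" -le 4 ]; do
        have=$(version_field "$1" "$i"); have=${have:-0}
        need=$(version_field "$OMI_FIXED_VERSION" "$i"); need=${need:-0}
        [ "$have" -lt "$need" ] && return 0
        [ "$have" -gt "$need" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# installed_omi_version: print the installed omi package version, or nothing
# when the package (or a supported package manager) is absent.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' omi 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' omi 2>/dev/null || true
    fi
}

# omi_listening_ports: print local TCP listeners on 5985/5986 (empty when
# there are none or when ss is unavailable on this host).
omi_listening_ports() {
    command -v ss >/dev/null 2>&1 || return 0
    ss -ltn 2>/dev/null | awk 'NR > 1 { print $4 }' | grep -E ':(5985|5986)$' || true
}

# report_omi_status: human-readable summary; always returns 0 so a fleet
# tool can collect the output from many hosts without aborting.
report_omi_status() {
    ver=$(installed_omi_version)
    if [ -z "$ver" ]; then
        echo "omi: package not installed (or no dpkg/rpm on this host)"
    elif omi_needs_patch "$ver"; then
        echo "omi: $ver is older than $OMI_FIXED_VERSION, upgrade now"
    else
        echo "omi: $ver is at or above $OMI_FIXED_VERSION"
    fi
    ports=$(omi_listening_ports)
    if [ -n "$ports" ]; then
        echo "omi: remote management is listening on:"
        echo "$ports"
        echo "omi: restrict these ports with an NSG or host firewall if not needed"
    else
        echo "omi: no remote-management listener on 5985/5986"
    fi
    return 0
}

report_omi_status
```

Run it as root on each Azure Linux VM (or push it through your fleet tooling) and act on two lines: an “older than” verdict means upgrade the package, and a listener on 5985/5986 means the agent is reachable over the network and the port should be filtered unless remote management is actually used.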
There’s another angle on this: Security researchers are compiling a list of the favourite vulnerabilities ransomware gangs are using for initial compromise of corporate IT networks. It will help security teams better defend their networks. The list is still being compiled, but an early version shows the usual suspects that have been widely reported on. I see them in groups: First, vulnerabilities in Windows and related products like Microsoft Office, Exchange and SharePoint. Second, holes in network access products from Citrix, Pulse Secure, Fortinet, SonicWall, Palo Alto Networks and F5 Networks. And third, a group I categorize as ‘Others,’ such as vulnerabilities in network-attached storage, file transfer utilities and the like. All of these vulnerabilities are publicly known. All have had security patches released. Some are new, but others date back to 2018. Again, the lesson is IT staff have to keep on top of security alerts for the products in their environments and install patches as fast as possible.
Meanwhile the Wall Street Journal says as part of the U.S. fight against ransomware Washington this week will in some way restrict cryptocurrency exchanges from handling ransomware payments. The idea is to make it harder for cybercrooks to use untraceable digital currency to earn money from their attacks.
Company leaders worry about cyber-attacks or data theft by employees and contractors, who collectively are called insiders. Most attacks come from crooks outside an organization, but there are people who have no scruples. In one of the worst cases, a few employees at American telecommunications giant AT&T accepted bribes to install malware and hacking tools. They did it over seven years starting in 2012. That allowed a crooked company to unlock almost 2 million AT&T cellular phones for customers willing to pay a fee, effectively allowing those users to have free service. AT&T lost about $200 million. Last week a citizen of Pakistan and Grenada who was arrested in Hong Kong and extradited to the U.S. in 2018 was sentenced by an American court to 12 years in prison for leading the scheme. According to a news report, the employees involved were fired.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.