Monday, October 25, 2021

Cyber Security Today, Sept. 20, 2021 – Patch for OMIGOD vulnerability, a list of ransomware exploits and prison for AT&T scammer

Patch for OMIGOD vulnerability, a list of ransomware exploits and prison for AT&T scammer.

Welcome to Cyber Security Today. It’s Monday September 20th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


 

One lesson IT managers have to learn is that threat actors jump on news of the latest vulnerability to launch their attacks. Proof of that is in a news report that hackers are already trying to exploit a hole in virtual Linux servers running on Microsoft’s Azure cloud platform. The vulnerability is dubbed OMIGOD, because it’s named after a hole in the O.M.I. agent in Azure. An attacker could take over Azure Linux servers through that hole. A story I wrote on Friday for ITWorldCanada.com outlined Microsoft’s advice to IT administrators running Linux virtual servers on Azure on what they need to do.

There’s another angle on this: Security researchers are compiling a list of the favourite vulnerabilities ransomware gangs are using for initial compromise of corporate IT networks. It will help security teams better defend their networks. The list is still being compiled, but an early version shows the usual suspects that have been widely reported on. I see them in groups: First, vulnerabilities in Windows and related products like Microsoft Office, Exchange and SharePoint. Second, holes in network access products from Citrix, Pulse Secure, Fortinet, SonicWall, Palo Alto Networks and F5 Networks. And third, a group I categorize as ‘Others,’ such as vulnerabilities in network-attached storage, file transfer utilities and the like. All of these vulnerabilities are publicly known. All have had security patches released. Some are new, but others date back to 2018. Again, the lesson is IT staff have to keep on top of security alerts from the products in their environments and install patches as fast as possible.

Meanwhile, the Wall Street Journal says that, as part of the U.S. fight against ransomware, Washington this week will in some way restrict cryptocurrency exchanges from handling ransomware payments. The idea is to make it harder for cybercrooks to use untraceable digital currency to earn money from their attacks.

Company leaders worry about cyber-attacks or data theft by employees and contractors, who collectively are called insiders. Most attacks come from crooks outside an organization, but there are people who have no scruples. In one of the worst cases, a few employees at American telecommunications giant AT&T accepted bribes to install malware and hacking tools. They did it over seven years starting in 2012. That allowed a crooked company to unlock almost 2 million AT&T cellular phones for customers willing to pay a fee, effectively allowing the user to have free service. AT&T lost about $200 million. Last week a citizen of Pakistan and Grenada who was arrested in Hong Kong and extradited to the U.S. in 2018 was sentenced by an American court to 12 years in prison for leading the scheme. According to a news report, the employees involved were fired.

That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
