Sunday, October 17, 2021

Cyber Security Today, Sept. 22, 2021 – Epik breach has epic ramifications, misconfigurations by EventBuilder users and phishing attacks on the aviation sector

Epik breach has epic ramifications, misconfigurations by EventBuilder users and phishing attacks on the aviation sector.

Welcome to Cyber Security Today. It’s Wednesday, September 22nd I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Last week’s huge theft of data from the American web hosting and domain registrar called Epik may have international repercussions. That’s because the provider not only had data on its customers, it also had data on people and organizations that are not customers. According to the news site Ars Technica, Epik has been scraping records of people who own website domains from the global database of domain holders called the WHOIS directory. Why it did this isn’t known. Perhaps Epik wanted to pitch them for business. Regardless, when the hacktivist collective called Anonymous last week stole and leaked 180 GB of data from Epik it included over 15 million email addresses, names, phone numbers, physical addresses and other information of lots of people — only some of whom were Epik customers. Epik is notifying affected people. You can check if your email address was listed by going to the website ‘HaveIBeenPwned’ and entering your email addresses.

Anonymous says it hacked Epik because the provider hosts questionable and controversial websites. Security researchers say the stolen database may indeed show who are behind some of those sites.

Another serious misconfiguration of an online service has been discovered that could have led to a widespread data breach. This time it’s the EventBuilder webinar conference building tool. It’s used by organizations with Microsoft applications to build webinar registration pages, record webinar sessions and provide related backend services. Data is stored in a cloud storage service. Things can be stored for public or restricted access. In this case links to video recordings using EventBuilder would be public. But security researchers found some webinar organizers mistakenly also left registration information as publicly accessible. That data included peoples’ names, email addresses, phone numbers, company names and their positions. According to one news report crooks apparently didn’t discover the mistakes before the holes were closed.

One lesson here is that employees who are allowed to use tools that involve collecting and holding sensitive data need to be taught proper use of security controls in those tools.

A threat actor has been quietly targeting the aviation industry for at least the last two years, say researchers at Cisco Systems’ Talos threat intelligence service. The goal is to get victims to click on an attachment that installs a backdoor for remote access to a corporate IT network. The attacker has been sending emails to companies with obvious aviation themes such as queries for aircraft for lease. The attachments have file names like ‘Trip Itinerary Details,’ and ‘Private Jet Quote Itinerary Details.’ Aircraft leasing companies would of course get unsolicited requests for the availability of planes, pricing, the capability of carrying certain cargo and so on. In fact sales reps for any company get email pitches from strangers. This is why it’s important they consider carefully if the sender is legitimate by examining the email address of all senders and watching for suspicious language in the body of messages.

By the way Cisco believes this particular attacker has been active for at least five years. The aviation industry may be only one of its targets.

Finally, owners of or IT administrators of computers with certain AMD processors should note this: There’s good reason to install the latest Windows updates. They include fixes to chipset drivers for CPUs with AMD’s Platform Security Processor. A vulnerability could allow an attacker to copy data from memory. This affects a wide number of AMD Ryzen, Athlon, A-series and other processors.

That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News