Cyber Security Today, Sept. 23, 2022 – How a lack of MFA contributed to a hack

A lack of multifactor authentication led to a company’s email system being hacked, says Microsoft.

Welcome to Cyber Security Today. It’s Friday, September 23rd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


Here’s more evidence of the risks of not having multifactor authentication: Microsoft says a threat actor was recently able to compromise global administrator accounts of an Azure Active Directory at an unnamed organization using credential stuffing attacks. The accounts weren’t protected with multifactor authentication, which Microsoft says would have stopped the attack. After gaining access the hacker created a malicious OAuth application to get control of the organization’s Exchange email system. From there the attacker sent spam emails that looked like they came from the victim organization. Judging from an image in the Microsoft report, the emails pretended to be from Walmart. The phony message said the recipient had been chosen for the retailer’s loyalty program, promising a free iPhone 14 Max for completing a survey. All the victim had to do was provide credit card information. In the fine print the message said the victim would be charged fees to enter a sweepstake for the prize.

Multifactor authentication can be bypassed, but if properly overseen it provides good protection for logins. Microsoft says other techniques including having conditional access policies would also have blunted this kind of attack.

A critical template vulnerability in the Magento 2 e-commerce platform is increasingly being exploited. That warning comes from researchers at Sansec. They urge administrators of sites that use Magento to quickly install a patch to close this hole if they haven’t already done so. Adobe issued that patch in February, when word of this vulnerability was released.

The crooks behind the BlackCat/AlphV ransomware have been using new tactics, tools and procedures, say researchers at Symantec. In a report released Thursday researchers say this group is using a new version of the Exmatter data exfiltration tool as well as Eamfo, an information stealing malware that looks for passwords stored by the Veeam backup software. A link to the full report and indicators of compromise is in the text version of this podcast at ITWorldCanada.com.

Attention Windows administrators: Microsoft has released an out-of-band security update to address a spoofing vulnerability in recent versions of Endpoint Configuration Manager. This tool is used to deploy apps, software updates, and operating systems. An attacker could exploit this vulnerability to obtain sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency encourages users and administrators to review Microsoft’s Security Advisory for this hole and apply the necessary updates.

Attention Red Hat Linux administrators: The company has published security advisories to address vulnerabilities in several products. These include Red Hat Enterprise Linux, Red Hat Enterprise Linux Server and Red Hat CodeReady Linux Builder. The Canadian Centre for Cyber Security encourages users and administrators to apply the necessary updates.

That’s it for this morning. But later today the Week in Review edition will be available. Guest commentator David Shipley of Beauceron Security will talk about insider threat awareness month, the latest Uber hack and the $35 million fine to Morgan Stanley’s investment division.

Remember links to details about podcast stories are in the text version at ITWorldCanada.com.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
