Ransomware targets small businesses, alerts for Digium Elastix and Netwrix Auditor admins, and more.
Welcome to Cyber Security Today. It’s Monday, July 18th, 2022. I’m Howard Solomon, Contributing Cybersecurity Reporter for ITWorldCanada.com.
Thanks to Jim Love for filling in while I was taking time off last week. It’s good to be back. So here is some of the latest news:
Small businesses often think – wrongly – they are not targets of hackers. In fact, they are in the crosshairs of a number of threat actors, and according to Microsoft, one of them is a North Korea-based group spreading ransomware. The group, which calls itself H0lyGh0st, has been compromising small and medium-sized businesses in a number of countries since last September. Victims include banks and schools. Businesses of all sizes can protect themselves from ransomware and all types of cyber-attacks by only using up-to-date and patched software, forcing all employees to use multi-factor authentication for logins, providing virus or malware protection, and restricting access to sensitive data to only those who need it.
Attention IT communication managers: Organizations using the Digium Elastix Voice over IP PBX system are under attack. According to researchers at Palo Alto Networks, the attackers attempt to install a web shell on the system’s web server. The report does not detail how systems are initially attacked. However, your firewalls and threat detection applications must be configured to protect against this intrusion.
Attention IT managers: A vulnerability in Netwrix Auditor, software for auditing IT assets, could allow an attacker to compromise a system. That’s according to researchers at a company called Bishop Fox. Ultimately, the attack could lead to the compromise of an Active Directory domain. Administrators are urged to upgrade to version 10.5 of Netwrix Auditor.
Lots of mobile apps with security gaps are being pushed onto the market, according to a recent study done for mobile security company Approov. Half of 302 security directors and mobile application development experts in the US and UK said their organization may be shipping apps with known insecurities. Two-fifths of respondents said their organization’s security processes for external and internal developers are weak and inadequate. Additionally, 60 percent of respondents said they have no visibility into runtime threats against mobile apps and APIs. Given the security risks, it’s a mystery why developers are rolling out mobile apps so quickly.
Application developers: If you use open source packages on GitHub, you should look for and trust those that are actively maintained. Those that aren’t may be associated with malware. GitHub provides metadata about the history of packages, called commits, but a report by researchers at Checkmarx warns that timestamps on commits can be easily tampered with since they are unverified. As a result, a threat actor could release a package and make it appear as if it has been active for a long time. Not only that, the committer’s identity can be spoofed. The report urges developers to use GitHub’s commit signature verification feature to sign their commits and increase trust in package data.
Finally, LendingTree, an American online lending support platform, has confirmed that private information of 70,000 users was leaked online in February. The platform told cybersecurity news outlet The Record that a vulnerability in the code led to the disclosure of data containing customer names, dates of birth, social security numbers and addresses. At the same time, LendingTree dismissed claims that loan application data from 200,000 people sold on the dark web came from its platform.
Remember, links to podcast story details are included in the text version on ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.