More news about Snowflake attacks, and a warning to better protect Docker containers.
Welcome to Cyber Security Today. It’s Friday June 7th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.
 |
 |
 |
There’s more news about the outbreak of attacks on organizations that use the Snowflake data storage and analytics service. Snowflake says the problem is customers aren’t enabling the use of multifactor authentication as an extra protection for logins. But where are crooks getting credentials to log into Snowflake accounts? Apparently they’re buying them. Reporters at TechCrunch discovered thieves are selling hundreds of alleged stolen Snowflake login credentials of users that subscribe to the service. Snowflake is urging users to enable multifactor authentication.
Later today on the Week in Review edition of the podcast guest commentator David Shipley of Beauceron Security and I discuss the attacks on firms that use Snowflake.
Another issue we’ll look at are continuing privacy concerns about Microsoft’s new Recall tool. According to The Register, at a Boston cybersecurity conference this week Microsoft’s chief scientist brushed aside worries of cybersecurity and privacy experts about the capability. If enabled, Recall takes and stores snapshots every five seconds of a user’s screen on certain new models of Windows 11 PCs. Although Microsoft says the data will be stored locally and encrypted, researchers doing tests on preview versions found the data is unencrypted and therefore easy to steal.
Poorly-protected Docker containers are being exploited to install cryptocurrency miners. The warning comes from researchers at Trend Micro. The unnamed attackers are doing this by first taking advantage of exposed Docker remote API servers. Then they install Docker images from the open-source Commando project. Commando creates Docker images on demand for developers. There are a couple of things container administrators should do to prevent this: Containers and APIs must always be properly configured to prevent being compromised. IT departments should make sure only official or certified container images are in their environments. And containers shouldn’t be run with root privileges.
Researchers at Synopsys are warning of a serious flaw in the Google Chrome extension called EmailGPT. The app helps people using Gmail to write better messages by using OpenAI’s GPT artificial intelligence. However a bug allows a hacker to do nasty things, including steal email messages. Synopsys tried and failed to get a response to its findings for the past 90 days. So it released the warning. The app has been downloaded 87,000 times.
There’s more evidence that hackers are getting more data with every theft. According to the Privacy Commissioner of Canada’s just-released annual report, in a recent 12-month period businesses reported 693 data breaches affecting about 25 million accounts of Canadians. By comparison almost the same number of data breaches reported the year before involved only about half as many accounts.
And the province of British Columbia says an unnamed country may have broken into email accounts of 22 employees. CBC News says the announcement follows news that the government is investigating an attempt to break into its IT systems in April.
Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.