{"id":20287,"date":"2022-03-14T07:59:38","date_gmt":"2022-03-14T11:59:38","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=475982"},"modified":"2022-03-15T14:06:33","modified_gmt":"2022-03-15T18:06:33","slug":"cyber-security-today-march-14-2022-ukraine-leaks-details-of-advanced-russian-reactors-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-14-2022-ukraine-leaks-details-of-advanced-russian-reactors-and-more\/","title":{"rendered":"Cyber Security Today, March 14, 2022 \u2013 Ukraine leaks details of advanced Russian reactors, and more"},"content":{"rendered":"<p>Ukraine leaks details of advanced Russian reactors, a package manager warning to software developers and another processor vulnerability found<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday March 14th. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/22432766\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>As the war i<\/strong>n Ukraine continues there\u2019s been an interesting development: Ukraine says has hacked and leaked plans for Russia\u2019s leading fast-breed nuclear reactor. <a href=\"https:\/\/jeffreycarr.substack.com\/p\/russias-beloyarsk-nuclear-power-plant?s=r\"  rel=\"noopener\">According to blogger Jeffrey Carr,<\/a> author of the book Inside Cyber War, a number of countries are trying to build fast-breed reactors. If the leaked documents are valuable to reactor researchers, they could allow companies to more quickly build these efficient nuclear power plants. That could dilute the number of countries Russia could sell its technology to. On the other hand, the economic sanctions Russia is now facing because of the war is already reducing global customers for almost any product it makes. <a href=\"https:\/\/www.scmagazine.com\/analysis\/breach\/in-a-first-ukraine-leaks-russian-intellectual-property-as-act-of-war\"  rel=\"noopener\">Carr also told SC Magazine<\/a> that the leak has another interesting strategic benefit: It didn\u2019t harm the power station or the electricity it delivers to Russians. Meanwhile <a href=\"https:\/\/therecord.media\/ukraines-internet-infrastructure-struggles-as-russian-invasion-continues\/\"  rel=\"noopener\">the news site The Record reports<\/a> cyberattacks continue to impair Ukraine\u2019s internet providers from giving service to their customers.<\/p>\n<p><strong>Norwood Clinic,<\/strong> which has a number of medical offices in Alabama, is notifying all of its 228,000 patients of a data breach that happened last fall. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/59fb8783-b735-43e8-bae5-ddd4263d043e.shtml\"  rel=\"noopener\">In a regulatory filing<\/a> the health provider said it couldn\u2019t determine exactly what the hackers accessed, so it is notifying every patient and giving them free credit monitoring. The files that were accessed had patients\u2019 names, contact information, dates of birth, Social Security numbers, driver\u2019s licence numbers and some of their health information.<\/p>\n<p><strong>Computer games developer<\/strong> <a href=\"https:\/\/news.ubisoft.com\/en-gb\/article\/3tSsBh25mhHhlbGSy1xbRw\/ubisoft-cyber-security-incident-update\"  rel=\"noopener\">Ubisoft has admitted<\/a> suffering a \u201ccyber security incident\u201d earlier this month. The attack caused temporary disruption to some games and systems, it said. As a precaution all users were forced to create new passwords.\u00a0As of last Thursday there was no evidence any player\u2019s personal information was accessed, the company said. Ubisoft\u2019s games include Far Cry, the Tom Clancy series and Rainbow Six.<\/p>\n<p><strong>Attention software developers<\/strong>: Vulnerabilities have been found in eight open-source package managers. These are tools used to manage and download what are called third-party dependencies, which are components needed to make an application work. However, <a href=\"https:\/\/blog.sonarsource.com\/securing-developer-tools-package-managers\"  rel=\"noopener\">researchers at SonarSource discovered<\/a> vulnerabilities in the Composer, Bundler, Bower, Poetry, Yarn, pnpm, Pip and Pipenv package managers. If hackers contaminate third-party dependencies, they could be spread in applications through the package managers. Then the app could be used to take over an organization&#8217;s network and steal data. Some of the eight vulnerable package managers have been patched. SonarSource reminds developers to treat all third-party code they want to add to their applications or toolkits as dangerous unless they are thoroughly scanned. There are more detailed recommendations in the blog. There\u2019s a link in the text version of this podcast.<\/p>\n<p><strong>An Android mobile app<\/strong> pretending to be the McAfee anti-virus application is circulating. It\u2019s a new variant of malware that steals a users\u2019 bank login credentials from their smartphone. <a href=\"https:\/\/blog.cyble.com\/2022\/03\/10\/aberebot-returns-as-escobar\/\"  rel=\"noopener\">According to security researchers at Cyble,<\/a> what makes it dangerous is this new version also steals data from the Google Authenticator app, used for secure two-factor login authentication into bank accounts, email and business services. It\u2019s vital Android smartphone users only download apps from the Google Play store. Apple iPhone, Watch and iPad users should only download apps from the Apple store. Google and Apple try hard to screen apps listed in their stores. You take your chances downloading apps from anywhere else.<\/p>\n<p><strong>Finally,<\/strong> four years ago security researchers began reporting on memory vulnerabilities in Intel, AMD and ARM processor chips. Called speculative execution problems, they\u2019ve been given nicknames like Spectre and Meltdown. Microprocessor and operating system manufacturers have been issuing patches to try to fix the problems for a while. However, <a href=\"https:\/\/www.vusec.net\/projects\/bhi-spectre-bhb\/\"  rel=\"noopener\">security researchers at a university in Amsterdam have discovered<\/a> a way around existing protections for the Spectre bug. That has forced Intel, AMD and ARM to release another round of software updates and mitigations to application and operating system makers. One solution for Linux administrators is to disable a capability called unprivileged eBPF and enable Supervisor-Mode Access Prevention (SMAP). There are more detailed recommendations in the researcher\u2019s blog. There\u2019s a link in the text version of this podcast at ITWorldCanada.com<\/p>\n<p>You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-14-2022-ukraine-leaks-details-of-advanced-russian-reactors-and-more\/475982\">Cyber Security Today, March 14, 2022 \u2013 Ukraine leaks details of advanced Russian reactors, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s episode reports on an alleged Ukraine theft of IP from Russia, the discovery of vulnerable software package managers, another Spectre processor bug, more data breaches and a bad Android app<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-14-2022-ukraine-leaks-details-of-advanced-russian-reactors-and-more\/475982\">Cyber Security Today, March 14, 2022 \u2013 Ukraine leaks details of advanced Russian reactors, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388],"class_list":["post-20287","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=20287"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20287\/revisions"}],"predecessor-version":[{"id":20821,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20287\/revisions\/20821"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=20287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=20287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=20287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}