{"id":20295,"date":"2022-03-11T08:56:24","date_gmt":"2022-03-11T12:56:24","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=475664"},"modified":"2022-03-14T13:03:23","modified_gmt":"2022-03-14T17:03:23","slug":"cyber-security-today-march-11-2022-threats-from-apc-power-supplies-a-warning-to-servicenow-administrators-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-11-2022-threats-from-apc-power-supplies-a-warning-to-servicenow-administrators-and-more\/","title":{"rendered":"Cyber Security Today, March 11, 2022 \u2013 Threats from APC power supplies, a warning to ServiceNow administrators and more"},"content":{"rendered":"<p>Threats from APC power supplies, a warning to ServiceNow administrators and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Friday March 11th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><iframe loading=\"lazy\" style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/22410566\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Security pros<\/strong> usually don\u2019t think an uninterruptable power supply box can be used as a cyber threat. But anything connected to the internet is a risk. The latest example are three critical firmware vulnerabilities found in APC\u2019s Smart-UPS devices. <a href=\"https:\/\/www.armis.com\/research\/tlstorm\/\"  rel=\"noopener\">According to security researchers at Armis,<\/a> if exploited the bugs could allow these backup power supplies to be taken over and damaged by cyber attackers. The damage could spread to connected sensitive devices like hospital or industrial equipment as well as servers. The bugs could also be used to break into corporate IT networks and install malware. Schneider Electric, which makes the APC line, has created a patch that needs to be installed fast.<\/p>\n<p><strong>IT administrators<\/strong> who use the cloud-based ServiceNow platform for IT management support aren\u2019t locking down their systems properly. That comes from a report by <a href=\"https:\/\/appomni.com\/resources\/aolabs\/appomni-discovers-security-misconfiguration-impacting-servicenow\/\"  rel=\"noopener\">a security researcher at AppOmni.<\/a> They said nearly 70 per cent of tested ServiceNow instances were misconfigured, which could allow an attacker to copy corporate data. The problem is in poorly-set Access Control Lists and in giving too many permissions to guest users. Administrators need to ensure everyone on an Access Control List can only access the data they need. In particular, access rights of those assigned to a \u2018public\u2019 role need to be limited.<\/p>\n<p><strong>You may want to contribute<\/strong> in some way to helping Ukraine in its fight against Russia. However, like all causes that ask for support know who you are donating to or what you are downloading. In a blog this week <a href=\"https:\/\/blog.talosintelligence.com\/2022\/03\/threat-advisory-cybercriminals.html\"  rel=\"noopener\">researchers at Cisco Systems\u2019 Talos threat intelligence service<\/a> noted crooks are trying to exploit the war by creating fake websites. One offers a phony distributed denial of service tool called Liberator on the Telegram chat site. It\u2019s supposed to launch attacks on Russian propaganda websites. Instead it steals data from the victim\u2019s computer. If you want to help make sure you know who you\u2019re dealing with.<\/p>\n<p><strong>Threat groups<\/strong> don\u2019t always use phishing messages to individuals to spread malware. Sometimes they highjack email or text message threads between people and toss is a message with a malicious link. That way it looks to participants in the thread like the message is coming from someone who is part of the conversation. <a href=\"https:\/\/news.sophos.com\/en-us\/2022\/03\/10\/qakbot-injects-itself-into-the-middle-of-your-conversations\/\"  rel=\"noopener\">Security researchers at Sophos<\/a> this week gave a recent example. A group distributing the Qaabot malware was able to inject themselves into a listserv announcement about a musical performance. A listserv is a mailing list allowing a sender to send an email to everyone on the list. If a hacker gets onto the list they can use it to spread malware. And that\u2019s what happened. Once the listserv was compromised, messages with infected attachments went to members. One message just said \u201cPlease reply to the paperwork I sent.\u201d One trick: The links in the messages weren\u2019t hotlinked. You had to paste the URL into a browser\u2019s address bar. Do that and a screen pops up asking for your Microsoft Office login password. What it leads to is a malicious Excel spreadsheet that leads to the Qaakbot infection. One lesson: Beware of messages with attachments you haven\u2019t asked for or aren\u2019t expecting.<\/p>\n<p>Finally, later today the Week in Review edition of the podcast will be out. Join guest commentator Jim Love, CIO of IT World Canada and I as we discuss some of the news from the past seven days.<\/p>\n<p>Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p>You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>&nbsp;<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-11-2022-threats-from-apc-power-supplies-a-warning-to-servicenow-administrators-and-more\/475664\">Cyber Security Today, March 11, 2022 \u2013 Threats from APC power supplies, a warning to ServiceNow administrators and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on threats from internet-connected APC power supplies, a warning to ServiceNow administrators, fake Ukraine support websites and hijacked message threads<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-11-2022-threats-from-apc-power-supplies-a-warning-to-servicenow-administrators-and-more\/475664\">Cyber Security Today, March 11, 2022 \u2013 Threats from APC power supplies, a warning to ServiceNow administrators and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388,390],"class_list":["post-20295","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security","tag-public-sector"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=20295"}],"version-history":[{"count":1,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20295\/revisions"}],"predecessor-version":[{"id":20296,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20295\/revisions\/20296"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=20295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=20295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=20295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}