{"id":20307,"date":"2022-03-07T09:03:33","date_gmt":"2022-03-07T13:03:33","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=475019"},"modified":"2022-03-14T13:03:23","modified_gmt":"2022-03-14T17:03:23","slug":"cyber-security-today-march-7-2022-more-damage-from-the-nvidia-hack-real-customer-data-exposed-the-unexplained-closing-of-a-criminal-forum-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-7-2022-more-damage-from-the-nvidia-hack-real-customer-data-exposed-the-unexplained-closing-of-a-criminal-forum-and-more\/","title":{"rendered":"Cyber Security Today, March 7, 2022 \u2013 More damage from the Nvidia hack, real customer data exposed, the unexplained closing of a criminal forum and more"},"content":{"rendered":"<p>More damage from the Nvidia hack, real customer data exposed, the unexplained closing of a criminal forum and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, March 7th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>The problems<\/strong> arising from the recent hack of graphics card maker Nvidia continue. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/malware-now-using-stolen-nvidia-code-signing-certificates\/\"  rel=\"noopener\">According to the Bleeping Computer news site,<\/a> threat actors are using stolen Nvidia code signing certificates to sign malware they try to install on victims\u2019 computers. These are things like backdoors, the Cobalt Strike communications tool and the Mimikatz credentials stealing tool. With these certificates, Windows would allow these tools to load. The certificates have expired, but Windows still recognizes them. 
Windows administrators need to configure systems to deny these certificates until Microsoft prevents them from loading.<\/p>\n<p><strong>By the way,<\/strong> the Lapsus$ hacking group claiming responsibility for the Nvidia theft has just leaked what it says is <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-leak-190gb-of-alleged-samsung-data-source-code\/\"  rel=\"noopener\">confidential source code and other corporate data from Samsung.<\/a><\/p>\n<p><strong>There are dangers<\/strong> in letting software developers play with real customer data to test their applications: Make a mistake and that data can either be stolen or publicly exposed. The latest example comes from a New York City company called Adafruit, which makes electronic components. <a href=\"https:\/\/blog.adafruit.com\/2022\/03\/04\/a-github-repository-was-public-viewable\/\"  rel=\"noopener\">On Friday it admitted<\/a> that a dataset used for training with real customer data could have been seen by anyone who could access a former employee\u2019s GitHub account. GitHub is a cloud platform with tools used by application developers. The database had names, email addresses, shipping and billing addresses of some customers. It did not have passwords or credit card information. Still, names and email addresses could be used by crooks. There\u2019s no shortage of test data with fake information that companies can buy. Or they can create fake data themselves.<\/p>\n<p><strong>Some IT departments<\/strong> still don\u2019t understand the importance of finding every computer system and every application in an organization so they can be securely patched. The latest evidence comes <a href=\"https:\/\/blog-assets.f-secure.com\/wp-content\/uploads\/2021\/03\/30120359\/attack-landscape-update-h1-2021.pdf\"  rel=\"noopener\">in a report from researchers at F-Secure<\/a>. 
Among the group of organizations it examined in 2020, researchers found 61 per cent of those that had unpatched vulnerabilities had bugs that were at least five years old. Some bugs dated back to 1997. All of those vulnerabilities had security updates issued by vendors. It\u2019s vital IT departments have rigorous patch management processes.<\/p>\n<p><strong>One of Russia\u2019s worries<\/strong> about Ukraine is that it will join NATO. However, Russia\u2019s current invasion has pushed the country closer to NATO. Last week the NATO Co-operative Cyber Defence Centre of Excellence <a href=\"https:\/\/ccdcoe.org\/news\/2022\/ukraine-to-be-accepted-as-a-contributing-participant-to-nato-ccdcoe\/\"  rel=\"noopener\">announced that Ukraine is now a contributing participant.<\/a> That means both sides can now share cyber expertise. The centre is headquartered in Estonia.<\/p>\n<p><strong>Cybersecurity experts<\/strong> are puzzled by the disappearance last month of a criminal website called Raid Forums. <a href=\"https:\/\/www.flashpoint-intel.com\/blog\/raid-forums-seizure\/\"  rel=\"noopener\">According to researchers at Flashpoint<\/a>, something happened on February 25th \u2013 either the site was seized or it was closed. This may or may not have had something to do with the Russia-Ukraine war, which started the day before. On that day, the 24th, an administrator announced that the site would ban all users connecting from Russia.\u00a0The next day a threat actor leaked a database belonging to a Russian express delivery and logistics company that allegedly provides services for the Russian federal government. The threat actor said the database leak was a consequence of Russia\u2019s invasion of Ukraine. Also that day a user asked for help in creating fake identification documents, allegedly to assist a friend escape Ukraine. 
In addition another user encouraged members to begin collecting attackable ranges of Russian IP addresses.\u00a0After that an administrator claimed the site had been seized by an unnamed person. Users were told to change their passwords and log into a new Raid Forums site. But when users try to log in, a message says they\u2019ve been banned. Flashpoint suggests the login credentials are now being captured by someone. It\u2019s unclear when or if Raid Forums will return. One thing for sure: The crooks who used it will go to other forums.<\/p>\n<p><strong>Finally,<\/strong> Linux administrators running\u00a0containers without best practice hardenings or with additional privileges are warned to upgrade to a fixed kernel version. This comes after <a href=\"https:\/\/unit42.paloaltonetworks.com\/cve-2022-0492-cgroups\/\"  rel=\"noopener\">researchers at Palo Alto Networks discovered<\/a> a new privilege escalation vulnerability in the kernel that affects those running containers. The default security hardenings in most container environments should protect against this attack. But those containers not using these controls may be at risk. 
There\u2019s a link to full details of the report and mitigations in the text version of this podcast, along with links to other reports mentioned, at ITWorldCanada.com.<\/p>\n<p>You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-7-2022-more-damage-from-the-nvidia-hack-real-customer-data-exposed-the-unexplained-closing-of-a-criminal-forum-and-more\/475019\">Cyber Security Today, March 7, 2022 \u2013 More damage from the Nvidia hack, real customer data exposed, the unexplained closing of a criminal forum and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on attackers using stolen Nvidia code certificates, a company admits real customer data was exposed, the unexplained closing of a criminal forum and a warning to Linux administrators<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-7-2022-more-damage-from-the-nvidia-hack-real-customer-data-exposed-the-unexplained-closing-of-a-criminal-forum-and-more\/475019\">Cyber Security Today, March 7, 2022 \u2013 More damage from the Nvidia hack, real customer data exposed, the unexplained closing of a criminal forum and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World 
Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388],"class_list":["post-20307","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=20307"}],"version-history":[{"count":1,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20307\/revisions"}],"predecessor-version":[{"id":20308,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20307\/revisions\/20308"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=20307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=20307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=20307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}