{"id":23892,"date":"2022-06-13T07:33:26","date_gmt":"2022-06-13T11:33:26","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=488121"},"modified":"2022-06-14T11:28:06","modified_gmt":"2022-06-14T15:28:06","slug":"cyber-security-today-june-13-2022-serious-bugs-found-in-a-building-access-control-system-ransomware-news-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-june-13-2022-serious-bugs-found-in-a-building-access-control-system-ransomware-news-and-more\/","title":{"rendered":"Cyber Security Today, June 13, 2022 \u2013 Serious bugs found in a building access control system, ransomware news and more"},"content":{"rendered":"<p>Serious bugs found in a building access control system, ransomware news and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday June 13th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p>&nbsp;<br \/>\n<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23401154\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" height=\"90\" width=\"100%\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"\" mozallowfullscreen=\"\" oallowfullscreen=\"\" msallowfullscreen=\"\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Vulnerabilities in IT systems<\/strong> can open serious holes in an organization. So can web-connected door locks. The latest example,<a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/threat-labs\/trellix-threat-labs-uncovers-critical-flaws.html\" rel=\"noopener\"> discovered by researchers at Trellix<\/a>, has forced building access control system provider Carrier to issue a cybersecurity warning to organizations that use its LenelS2 access control panels. The researchers found eight zero-day vulnerabilities that could allow an outsider full system control and the ability to compromise physical security. That includes the ability to unlock any door, subvert alarms and undermine logging and notification systems. The problem is in motherboards made by a company called HID Global Mercury, used in the Carrier panels and other systems. Carrier has issued firmware updates and mitigations.<\/p>\n<p><strong>Linux administrators are being warned<\/strong> of a newly-discovered and hard-to-detect piece of malware. <a href=\"https:\/\/blogs.blackberry.com\/en\/2022\/06\/symbiote-a-new-nearly-impossible-to-detect-linux-threat\" rel=\"noopener\">Researchers at BlackBerry and Intezer<\/a> have dubbed this malware Sybiote. Instead of running as a standalone executable in a server, it is a shared object library that infects all running processes. That gives the attacker rootkit functionality, including the ability to steal passwords and install a backdoor to give remote access. It\u2019s been seen targeting the financial sector in Latin America, but the threat actor could use it more widely. One protection against stolen passwords is the use of multifactor authentication. Monitoring network telemetry for suspicious activity will also be useful aganist this malware.<\/p>\n<p><strong>There\u2019s a debate<\/strong> about whether organizations hit by ransomware should pay to get access back to their data. Here\u2019s a nugget of information <a href=\"https:\/\/www.cybereason.com\/blog\/report-ransomware-attacks-and-the-true-cost-to-business-2022\" rel=\"noopener\">from a survey by Cybereason<\/a> that may help make up executives\u2019 minds: Eighty per cent of organizations that paid up said they were hit by ransomware a second time. And of those, 68 per cent said the attack came less than a month later. Here\u2019s another factoid: Nearly two-thirds of companies hit believe the ransomware gang got into their network through a supplier or partner.<\/p>\n<p><strong>Here\u2019s more on ransomware:<\/strong><a href=\"https:\/\/unit42.paloaltonetworks.com\/helloxd-ransomware\/\" rel=\"noopener\"> Palo Alto Networks has done an analysis<\/a> of the HelloXD strain of ransomware, which emerged last November. It appears to be based on the leaked source code for the Babuk ransomware. However, HelloXD includes an open-source backdoor that allows the attacker to browse the victim\u2019s file system, which can help monitor the progress of the ransomware. This report includes a number of indicators of compromise that could be useful to security teams.<\/p>\n<p><strong>Finally,<\/strong> there\u2019s two cellphone-related privacy stories to report. <a href=\"https:\/\/thehackernews.com\/2022\/06\/researchers-find-bluetooth-signals-can.html\" rel=\"noopener\">Researchers at the University of California have found<\/a> Bluetooth signals might be able to be fingerprinted to track smartphones and their users. Meanwhile <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/wifi-probing-exposes-smartphone-users-to-tracking-info-leaks\/\" rel=\"noopener\">German researchers at the University of Hamburg found<\/a> that some smartphones with their WiFi turned on may transmit data from networks they previously connected to, including passwords and email addresses. These experiments needed to meet certain conditions to work. But they are a lesson to only turn on Bluetooth and WiFi when you are using them. Otherwise keep them off. In addition, make sure your mobile devices have the latest security updates. And if your mobile device is no longer capable of receiving security updates, it\u2019s time to buy a new one.<\/p>\n<p>That\u2019s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-13-2022-serious-bugs-found-in-a-building-access-control-system-ransomware-news-and-more\/488121\">Cyber Security Today, June 13, 2022 \u2013 Serious bugs found in a building access control system, ransomware news and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on vulnerabilities in a web-connected physical security system, new Linux ransomware and wireless security advice<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-13-2022-serious-bugs-found-in-a-building-access-control-system-ransomware-news-and-more\/488121\">Cyber Security Today, June 13, 2022 \u2013 Serious bugs found in a building access control system, ransomware news and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-23892","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=23892"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23892\/revisions"}],"predecessor-version":[{"id":23966,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23892\/revisions\/23966"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=23892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=23892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=23892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}