{"id":24150,"date":"2022-06-17T08:28:47","date_gmt":"2022-06-17T12:28:47","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=488856"},"modified":"2022-06-20T10:53:39","modified_gmt":"2022-06-20T14:53:39","slug":"cyber-security-today-june-17-2022-ransomware-could-hit-microsoft-365-files-a-warning-to-web-developers-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-june-17-2022-ransomware-could-hit-microsoft-365-files-a-warning-to-web-developers-and-more\/","title":{"rendered":"Cyber Security Today, June 17, 2022 \u2013 Ransomware could hit Microsoft 365 files, a warning to web developers and more"},"content":{"rendered":"<p>Ransomware could hit Microsoft 365 files, a warning to web developers and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Friday June 17th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p>&nbsp;<br \/>\n<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23452772\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" height=\"90\" width=\"100%\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"\" mozallowfullscreen=\"\" oallowfullscreen=\"\" msallowfullscreen=\"\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Ransomware<\/strong> can encrypt and render unrecoverable files saved by Microsoft\u2019s cloud-based Office 365 suite if the files are in SharePoint or OneDrive storage. <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/cloud-security\/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality\" rel=\"noopener\">That\u2019s according to security researchers at Proofpoint.<\/a> It\u2019s another way ransomware gangs can attack data held in the cloud, their report says. It warns IT administrators that only if they have separate backups of 365 data can they be safe from ransomware. A successful attack would start with a threat actor accessing a user\u2019s SharePoint Online or OneDrive accounts by compromising or hijacking their login credentials. 365 allows users to save several versions of files. But if the attacker reduces the number of versions stored to a low number, such as 1, the stored files over that limit can be encrypted. Proofpoint quotes Microsoft saying it might be able to recover older versions of files before they were encrypted. There are defences against this kind of attack. They include using multifactor authentication to lower the odds of accounts being compromised by stolen passwords, backing up cloud files outside of the Microsoft 365 environment and increasing the number of restorable versions of stored data held inside 365.<\/p>\n<p><strong>Developers<\/strong> using the Telerik UI web application framework should be aware that a three-old year vulnerability continues to be exploited by hackers. The flaw allows the takeover of web servers built with the platform. <a href=\"https:\/\/news.sophos.com\/en-us\/2022\/06\/15\/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections\" rel=\"noopener\">Researchers at Sophos said<\/a> the latest attempt was seen in May. While Telerik issued a patch a while ago, some systems are still at risk. One problem is the framework is embedded into custom web applications so its hard for IT managers to know if their application is vulnerable. Here\u2019s where a software bill of goods that details what\u2019s in an application would be useful. Sophos says applying security patches and application updates to sensitive web-facing applications will help, as well as having robust ransomware and malware protection.<\/p>\n<p><strong>Finally<\/strong>, in news only emerging now, police in a number of countries recently arrested 2,000 people accused of being part of call centre and email scams. <a href=\"https:\/\/www.interpol.int\/en\/News-and-Events\/News\/2022\/Hundreds-arrested-and-millions-seized-in-global-INTERPOL-operation-against-social-engineering-scams\" rel=\"noopener\">The Interpol police co-operative said<\/a> this week the two-month operation also froze 4,000 bank accounts and intercepted some US$50 million in illicit funds. One of those arrested was a Chinese national allegedly involved in a Ponzi scam estimated to have defrauded nearly 24,000 people of about US$34 million.<\/p>\n<p>That\u2019s it for now. But remember later today the Week in Review edition will be out. Guest commentator David Shipley and I will scrutinize Canada\u2019s proposed new cybersecurity and data privacy laws.<\/p>\n<p>Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That\u2019s where you\u2019ll also find other stories of mine.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-17-2022-ransomware-could-hit-microsoft-365-files-a-warning-to-web-developers-and-more\/488856\">Cyber Security Today, June 17, 2022 \u2013 Ransomware could hit Microsoft 365 files, a warning to web developers and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on a way ransomware could hit Microsoft 365 files in SharePoint and OneDrive, and a warning to web developers\u00a0 using the Telerik U<\/p>\n","protected":false},"author":17,"featured_media":20701,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-24150","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24150"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24150\/revisions"}],"predecessor-version":[{"id":24243,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24150\/revisions\/24243"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20701"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}