{"id":24530,"date":"2022-06-27T07:56:04","date_gmt":"2022-06-27T11:56:04","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=490743"},"modified":"2022-06-28T10:17:16","modified_gmt":"2022-06-28T14:17:16","slug":"cyber-security-today-june-27-2022-a-warning-to-firms-using-voip-systems-malicious-files-in-an-open-source-python-registry-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-june-27-2022-a-warning-to-firms-using-voip-systems-malicious-files-in-an-open-source-python-registry-and-more\/","title":{"rendered":"Cyber Security Today, June 27, 2022 \u2013 A warning to firms using VoIP systems, malicious files in an open source Python registry, and more"},"content":{"rendered":"<p>A warning to firms using VoIP systems, malicious files in an open-source Python registry, and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, June 27th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>Organizations turn to<\/strong> voice-over-IP phone systems as a way of saving money. However, if these systems aren\u2019t properly protected they could be an entry point into internet-connected systems. The latest example is a report<a href=\"https:\/\/www.crowdstrike.com\/blog\/novel-exploit-detected-in-mitel-voip-appliance\/\" rel=\"noopener\"> by researchers at Crowdstrike<\/a> into their discovery earlier this year of an undocumented vulnerability in a VoIP system made by Ottawa\u2019s Mitel Networks. A suspected ransomware threat actor gained initial access to an organization\u2019s network through the Mitel MiVoice Connect appliance using a zero-day vulnerability. Fortunately, the attack was detected and stopped. After being notified, <a href=\"https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-22-0002\" rel=\"noopener\">Mitel issued a critical security advisory in March<\/a> urging administrators to install a patch to close this hole. Crowdstrike waited until now to issue its report on the incident.
Two lessons for IT staff: First, security updates for any internet-connected device on your networks \u2014 not just servers and desktops \u2014 have to be installed as soon as possible. Second, any internet-connected device \u2014 including VoIP phone systems \u2014 must have anti-virus, anti-malware or firewall protection.<\/p>\n<p><strong>Here\u2019s another example<\/strong> of why application developers shouldn\u2019t automatically trust code posted to open source libraries. <a href=\"https:\/\/blog.sonatype.com\/python-packages-upload-your-aws-keys-env-vars-secrets-to-web\" rel=\"noopener\">Researchers at Sonatype<\/a> recently discovered five suspicious if not malicious Python packages in the open source PyPI registry. If included in an application, some of them could steal Amazon AWS credentials and other information included in software. Sonatype reported its findings to PyPI and the packages have been removed. If you\u2019re worried about whether these libraries are in your application, there\u2019s a link to the Sonatype report in the text version of this podcast at ITWorldCanada.com. Developers who use open source packages should research and scan any code they download.<\/p>\n<p><strong>A hacker claims<\/strong> they have already broken into and are selling access to 50 IT networks of organizations that have unpatched versions of Atlassian\u2019s Confluence collaboration suite. <a href=\"https:\/\/therecord.media\/hacker-selling-access-to-50-vulnerable-networks-through-atlassian-vulnerability\" rel=\"noopener\">According to the security news site called The Record<\/a>, researchers at Rapid7 found an access broker on a Russian-language criminal forum selling access to the organizations. All of them are allegedly in the U.S. I reported earlier about this particular vulnerability and that a patch has been issued.
If your organization uses Confluence and hasn\u2019t installed the patch, do it now \u2014 and scan your entire IT environment for possible compromise.<\/p>\n<p><strong>Finally,<\/strong> there are many ways of tricking victims into clicking on email attachments that hide malware. One of the latest was <a href=\"https:\/\/asec.ahnlab.com\/en\/35822\/\" rel=\"noopener\">discovered by researchers at a South Korean firm called ASEC.<\/a> A victim received an email alleging their firm has violated another company\u2019s copyright. The evidence was supposedly in an attached PDF. What that attachment really does is install the LockBit ransomware. While this scam is being tried in Korean, it could easily be used in any language. In fact, the report notes this isn\u2019t the first attempt at spreading malware through copyright infringement threats. IT leaders should ensure employees are trained to send any legal threat to the legal department. Staff in the legal department need to be trained to consult with IT security staff before clicking on attachments.<\/p>\n<p>That\u2019s it for now. Remember, links to details about podcast stories are in the text version at <em>ITWorldCanada.com.<\/em><\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-27-2022-a-warning-to-firms-using-voip-systems-malicious-files-in-an-open-source-python-registry-and-more\/490743\">Cyber Security Today, June 27, 2022 \u2013 A warning to firms using VoIP systems, malicious files in an open source Python registry, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the danger of unprotected VoIP appliances, vulnerable packages in the PyPI repository and access to compromised Atlassian Confluence
systems<\/p>\n","protected":false},"author":17,"featured_media":20700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-24530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24530"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24530\/revisions"}],"predecessor-version":[{"id":24638,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24530\/revisions\/24638"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20700"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}