{"id":28363,"date":"2022-09-14T08:30:17","date_gmt":"2022-09-14T12:30:17","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=502838"},"modified":"2022-09-14T15:07:56","modified_gmt":"2022-09-14T19:07:56","slug":"cyber-security-today-sept-14-2022-windows-patches-a-warning-to-medical-it-administrators-a-mitel-voip-vulnerability-being-exploited-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-sept-14-2022-windows-patches-a-warning-to-medical-it-administrators-a-mitel-voip-vulnerability-being-exploited-and-more\/","title":{"rendered":"Cyber Security Today, Sept. 14, 2022 \u2013 Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more"},"content":{"rendered":"<p data-ar-index=\"0\">The latest news on Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, September 14th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for<em> ITWorldCanada.com.<\/em><\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24365754\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\"><strong>Yesterday was Patch Tuesday<\/strong>, the day Microsoft and Adobe released security updates for Windows and other products. IT administrators should note one patch fixes an escalation of privilege vulnerability that could be leveraged by an attacker that already has access to a server. The vulnerability would allow them to get System privileges. <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2022\/9\/13\/the-september-2022-security-update-review\" rel=\"noopener\">Trend Micro\u2019s Zero Day Initiative says<\/a> that of the 64 new vulnerabilities patched, five are rated critical and 57 are rated as important.<\/p>\n<p data-ar-index=\"4\">Your personal computer should be set to receive updates automatically, but it doesn\u2019t hurt to check by going to the Windows Update section of your PC.<\/p>\n<p data-ar-index=\"5\"><strong>IT security leaders<\/strong> are increasingly cutting the number of vendors they buy products from. According to Gartner, three-quarters of organizations it recently surveyed said they have a strategy of security vendor consolidation. Fifty-seven per cent of respondents said their organizations are working with fewer than 10 vendors for their security needs. Why the vendor consolidation? Because security leaders aren\u2019t happy with operational inefficiencies and the lack of product integration, says Gartner.<\/p>\n<p data-ar-index=\"6\"><strong>Unpatched<\/strong> internet-connected medical devices running on outdated software are increasingly being exploited by threat actors. <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/220912.pdf\" rel=\"noopener\">That\u2019s according to the FBI<\/a>. This week it warned patient safety and the confidentiality of personal health data is at risk. Routine challenges include securely configuring medical devices, devices that lack security features and devices with customized software that needs special patching procedures. Devices at risk include insulin pumps, intracardiac defibrillators, pacemakers and pumps that deliver pain medication. A recent research report conducted by a cybersecurity firm found 53 per cent of connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities, the report points out. The FBI urges medical IT administrators to protect connected devices with antivirus software if possible, to encrypt medical device data and to ensure devices can only be accessed through complex passwords. If a device is disconnected from an IT network for service there has to be integrity verification before it is re-connected.<\/p>\n<p data-ar-index=\"7\"><strong>A vulnerability<\/strong> in Mitel\u2019s MiVoice VoIP appliance used by businesses is being exploited by a ransomware group. <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/lorenz-ransomware-chiseling-in\/\" rel=\"noopener\">Researchers at Arctic Wolf said<\/a> a threat actor recently deployed the Lorenz ransomware on a victim after leveraging Microsoft\u2019s BitLocker Drive Encryption to scramble the organization\u2019s data. Monitoring critical assets alone is not enough to protect against cyber attacks, the report warns. Security teams should monitor all externally facing devices for potential malicious activity, including voice-over-IP telephony applications and IoT devices.<\/p>\n<p data-ar-index=\"8\"><strong>Truck rental agency<\/strong> U-Haul says a hacker got hold of the names and driver\u2019s licence numbers of customers who rented vehicles between November 5th of last year and April 5th of this year. They did it by compromising two unique passwords. That enabled the hacker to access a customer contract search tool. In a copy of a letter being sent to affected customers and<a href=\"https:\/\/media.dojmt.gov\/wp-content\/uploads\/Consumer-Notification-Letter-555.pdf\" rel=\"noopener\"> filed with the State of Montana<\/a>, U-Haul isn\u2019t saying how the passwords were compromised, nor how many customers were affected.<\/p>\n<p data-ar-index=\"9\"><strong>Finally<\/strong>, Apple released iOS 16 for iPhones and iPads, as well as a number of security patches for earlier releases. <a href=\"https:\/\/www.wired.com\/story\/apple-ios-16-safety-check-lockdown-mode\/\" rel=\"noopener\">iOS 16 includes Lockdown Mode<\/a>, for executives, reporters and others worried about targeted attacks. It restricts certain non-essential features so there are fewer ways an attacker can compromise a device.<\/p>\n<p data-ar-index=\"10\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"11\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-sept-14-2022-windows-patches-a-warning-to-medical-it-administrators-a-mitel-voip-vulnerability-being-exploited-and-more\/502838\">Cyber Security Today, Sept. 14, 2022 \u2013 Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on CISOs cutting back on the number of security vendors they buy from, unsecured medical devices, Windows update<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-28363","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=28363"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28363\/revisions"}],"predecessor-version":[{"id":28378,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28363\/revisions\/28378"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=28363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=28363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=28363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}