{"id":28901,"date":"2022-09-23T08:40:01","date_gmt":"2022-09-23T12:40:01","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=504385"},"modified":"2022-09-23T10:24:10","modified_gmt":"2022-09-23T14:24:10","slug":"cyber-security-today-sept-23-2022-how-a-lack-of-mfa-contributed-to-a-hack","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-sept-23-2022-how-a-lack-of-mfa-contributed-to-a-hack\/","title":{"rendered":"Cyber Security Today, Sept. 23, 2022 \u2013 How a lack of MFA contributed to a hack"},"content":{"rendered":"<p data-ar-index=\"0\">A lack of multifactor authentication led to a company\u2019s email system being hacked, says Microsoft.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Friday, September 23rd, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"3\"><strong>Here\u2019s more evidence<\/strong> of the risks of not having multifactor authentication: <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/09\/22\/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam\/\" rel=\"noopener\">Microsoft says<\/a> a threat actor was recently able to compromise global administrator accounts of an Azure Active Directory at an unnamed organization using credential stuffing attacks. The accounts weren\u2019t protected with multifactor authentication, which Microsoft says would have stopped the attack. After gaining access, the hacker created a malicious OAuth application to get control of the organization\u2019s Exchange email system. From there the attacker sent spam emails that looked like they came from the victim organization. Judging from an image in the Microsoft report, the emails pretended to be from Walmart. The phony message said the recipient had been chosen for the retailer\u2019s loyalty program, promising a free iPhone 14 Max for completing a survey. All the victim had to do was provide credit card information. In the fine print the message said the victim would be charged fees to enter a sweepstake for the prize.<\/p>\n<p data-ar-index=\"4\">Multifactor authentication can be bypassed, but if properly overseen it provides good protection for logins. 
Microsoft says other techniques, including conditional access policies, would also have blunted this kind of attack.<\/p>\n<p data-ar-index=\"5\"><strong>A critical template vulnerability<\/strong> in the Magento 2 e-commerce platform is increasingly being exploited. That warning comes <a href=\"https:\/\/sansec.io\/research\/magento-2-template-attacks\" rel=\"noopener\">from researchers at Sansec<\/a>. They urge administrators of sites that use Magento to quickly install a patch to close this hole if they haven\u2019t already done so. Adobe issued that patch in February, when word of this vulnerability was released.<\/p>\n<p data-ar-index=\"6\"><strong>The crooks behind<\/strong> the BlackCat\/AlphV ransomware have been using new tactics, tools and procedures, <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/noberus-blackcat-ransomware-ttps\" rel=\"noopener\">say researchers at Symantec<\/a>. In a report released Thursday, researchers say this group is using a new version of the Exmatter data exfiltration tool as well as Eamfo, an information-stealing malware that looks for passwords stored by the Veeam backup software. A link to the full report and indicators of compromise is in the text version of this podcast at ITWorldCanada.com.<\/p>\n<p data-ar-index=\"7\"><strong>Attention Windows administrators:<\/strong> Microsoft has released an out-of-band security update to address a spoofing vulnerability in recent versions of Endpoint Configuration Manager. This tool is used to deploy apps, software updates, and operating systems. An attacker could exploit this vulnerability to obtain sensitive information. <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/09\/21\/microsoft-releases-out-band-security-update-microsoft-endpoint\" rel=\"noopener\">The U.S. 
Cybersecurity and Infrastructure Security Agency encourages<\/a> users and administrators to review Microsoft\u2019s Security Advisory for this hole and apply the necessary updates.<\/p>\n<p data-ar-index=\"8\"><strong>Attention Red Hat Linux administrators:<\/strong> The company has published security advisories to address vulnerabilities in several products. These include Red Hat Enterprise Linux, Red Hat Enterprise Linux Server and Red Hat CodeReady Linux Builder. <a href=\"https:\/\/cyber.gc.ca\/en\/alerts-advisories\/red-hat-security-advisory-av22-532\" rel=\"noopener\">The Canadian Centre for Cyber Security encourages<\/a> users and administrators to apply the necessary updates.<\/p>\n<p data-ar-index=\"9\">That\u2019s it for this morning. But later today the Week in Review edition will be available. Guest commentator David Shipley of Beauceron Security will talk about insider threat awareness month, the latest Uber hack and the $35 million fine to Morgan Stanley\u2019s investment division.<\/p>\n<p data-ar-index=\"10\">Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p data-ar-index=\"11\">You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-sept-23-2022-how-a-lack-of-mfa-contributed-to-a-hack\/504385\">Cyber Security Today, Sept. 
23, 2022 \u2013 How a lack of MFA contributed to a hack<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports the value of multifactor authentication, news about new security patches for Red Hat Linux and Windows, an update on the BlackCat ransomware gan<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-28901","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=28901"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28901\/revisions"}],"predecessor-version":[{"id":28904,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28901\/revisions\/28904"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=28901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=28901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=28901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}