{"id":29251,"date":"2022-10-03T08:22:56","date_gmt":"2022-10-03T12:22:56","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=506199"},"modified":"2022-10-03T09:18:23","modified_gmt":"2022-10-03T13:18:23","slug":"cyber-security-today-oct-3-2022-warnings-to-exchange-and-comm100-administrators-and-how-the-cia-might-have-messed-up","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-oct-3-2022-warnings-to-exchange-and-comm100-administrators-and-how-the-cia-might-have-messed-up\/","title":{"rendered":"Cyber Security Today, Oct. 3, 2022 \u2013 Warnings to Exchange and Comm100 administrators, and how the CIA might have messed up"},"content":{"rendered":"<p data-ar-index=\"0\">Warnings to Exchange and Comm100 administrators, and how the CIA might have messed up.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, October 3rd, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24559797\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img 
decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\">\n<p data-ar-index=\"4\"><strong>Microsoft Exchange administrators<\/strong> should install a script to mitigate two unpatched zero day vulnerabilities in their on-premise email servers. This advice comes after the discovery of the holes by researchers at a Vietnamese firm. <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/09\/30\/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082\/\" rel=\"noopener\">Microsoft says<\/a> the holes affect Exchange Server 2013, 2016 and 2019. The first vulnerability is a server-side request forgery. If an attacker is able to exploit that they can remotely trigger the second vulnerability, which allows remote code execution through Exchange PowerShell. Authenticated access to the vulnerable Exchange Server is necessary to exploit either vulnerability. <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/09\/29\/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server\/\" rel=\"noopener\">Microsoft has released a URL rewrite script<\/a> to mitigate the server-side request forgery. The script is a blocking rule in IIS Manager. The script will be automatically added to customers who have the Exchange Server Mitigation Service enabled. 
So far, Microsoft says, it has only seen these attacks in 10 organizations. It suspects a nation-state is behind the exploitation.<\/p>\n<p data-ar-index=\"5\"><strong>Administrators of websites<\/strong> that use the Comm100 Live Chat application for customer support should reinstall the application with the latest version. This comes after <a href=\"https:\/\/www.crowdstrike.com\/blog\/new-supply-chain-attack-leverages-comm100-chat-installer\/\" rel=\"noopener\">researchers at CrowdStrike discovered<\/a> the application\u2019s installer was compromised late last month. This supply chain attack would allow a hacker to get into the systems of any of the customers of the Canadian company. Anyone who downloaded Comm100 between September 26th and the 29th \u2014 and possibly earlier \u2014 may have used an infected installer. The installer would have appeared to be legitimate because it had a valid authentication certificate. This is like the SolarWinds Orion attack over a year ago. The report doesn\u2019t explain how Comm100 had its installer compromised. This being Cybersecurity Awareness Month, the report is another reminder to IT and security leaders that cybersecurity includes protecting your application development process.<\/p>\n<p data-ar-index=\"6\"><strong>Here\u2019s another Cybersecurity Awareness Month-related item<\/strong>: At last week\u2019s Virus Bulletin security conference in the Czech Republic <a href=\"https:\/\/www.welivesecurity.com\/2022\/09\/30\/amazon-themed-campaigns-lazarus-netherlands-belgium\/\" rel=\"noopener\">researchers at ESET presented<\/a> a case study of a targeted phishing campaign believed to have been launched a year ago by the North Korean-based Lazarus group. The targets were an employee of an aerospace company in the Netherlands and a political reporter in Belgium. Both were sent emails with infected job offers. 
The aerospace worker got theirs in an attachment sent by LinkedIn Messaging, the reporter got theirs in an email message. The goal was to exploit a vulnerability in a driver on a Dell computer. The infection route was complex, but the important thing to me is that it\u2019s another reminder to all employees that any message service can be used to deliver malicious attachments. Don\u2019t be flattered by a job offer or a pitch by a recruiter. Don\u2019t click on any document they send you.<\/p>\n<p data-ar-index=\"7\"><strong>Cybersecurity is apparently<\/strong> important to many Canadian post-secondary students. <a href=\"https:\/\/isacybersecurity.com\/canadian-post-secondary-students-cybersecurity-survey\/\" rel=\"noopener\">According to a recent survey<\/a>, almost half said their decision to attend a university or college would be affected if the institution had experienced a data breach or had a reputation for weak cybersecurity. Forty-four per cent of respondents said their school doesn\u2019t provide enough training and resources to help ensure students\u2019 personal information is protected from threats. On the other hand only 49 per cent said they follow the guidelines that their academic institutions do put out. The poll was paid for by consulting firm ISA Cybersecurity.<\/p>\n<p data-ar-index=\"8\"><strong>Finally,<\/strong> the U.S. Central Intelligence Agency allegedly wasn\u2019t very intelligent when it created hundreds of websites over a decade ago that its sources could use for communications. That suggestion comes from <a href=\"https:\/\/citizenlab.ca\/2022\/09\/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system\/\" rel=\"noopener\">a new report by researchers at the University of Toronto\u2019s Citizen Lab.<\/a> The websites were in local languages around the world that appeared to be real news, weather, sports and other sites. But the search box on each site was actually a password login box. 
For security reasons, each site could only be used by one source. However, using archived web pages Citizen Lab figured out the CIA had apparently bought sequential IP addresses to set up this communications network for its agents. Knowing one website was suspect would have logically led to the conclusion that websites with nearby IP addresses were also suspect. Not only that, the report says, certain web design similarities on each site suggested they were created by a single owner. What\u2019s the context of this? In 2018 Yahoo News reported this network was compromised by China and Iran, apparently leading to the arrest and death of residents in those countries recruited to work for the CIA. <a href=\"https:\/\/www.reuters.com\/investigates\/special-report\/usa-spies-iran\/\" rel=\"noopener\">The Reuters news agency just released a more detailed story on this.\u00a0<\/a><\/p>\n<p data-ar-index=\"9\">That\u2019s it for now. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"10\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-oct-3-2022-warnings-to-exchange-and-comm100-administrators-and-how-the-cia-might-have-messed-up\/506199\">Cyber Security Today, Oct. 
3, 2022 \u2013 Warnings to Exchange and Comm100 administrators, and how the CIA might have messed up<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on fixes for Exchange Server, the Comm100\u00a0 support chat application, a survey of Canadian post-secondary students&#8217; attitudes towards cybersecurit<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-29251","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=29251"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29251\/revisions"}],"predecessor-version":[{"id":29256,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29251\/revisions\/29256"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=29251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=29251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=29251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\
/{rel}","templated":true}]}}