{"id":31141,"date":"2022-11-11T08:08:41","date_gmt":"2022-11-11T13:08:41","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=512662"},"modified":"2022-11-11T10:54:23","modified_gmt":"2022-11-11T15:54:23","slug":"cyber-security-today-nov-11-2022-a-new-report-on-phishing-a-warning-of-venus-ransomware-malware-hidden-in-images-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-nov-11-2022-a-new-report-on-phishing-a-warning-of-venus-ransomware-malware-hidden-in-images-and-more\/","title":{"rendered":"Cyber Security Today, Nov. 11, 2022 \u2013 A new report on phishing, a warning of Venus ransomware, malware hidden in images and more."},"content":{"rendered":"<p data-ar-index=\"0\">A new report on phishing, a warning of Venus ransomware, malware hidden in images and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Remembrance Day, November 11th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"4\"><strong>Many advanced email attacks<\/strong> still successfully end with the theft of user credentials or account takeovers. T<a href=\"https:\/\/www.tessian.com\/research\/state-of-email-security-2022\/\" rel=\"noopener\">hat\u2019s according to new research from Tessian<\/a>. The company surveyed 600 IT and security leaders in organizations across the U.S., the U.K., the Middle East and Africa. Seventy-one per cent of respondents said an advanced email attack this year at their organization resulted in an account being taken over. Among other things, 62 per cent of respondents said advanced email threats got past even their secure email gateways and into employee inboxes. Ten per cent of respondents said they received over 450 email-based ransomware attempts since the beginning of the year.<\/p>\n<p data-ar-index=\"5\"><strong>Speaking of email attacks<\/strong>, <a href=\"https:\/\/www.avanan.com\/blog\/how-hackers-target-nations\" rel=\"noopener\">researchers at Avanan<\/a> looked at patterns against the government of an unnamed country in the Western hemisphere with a population under 100,000. They calculate the government sees an average of 93 phishing attacks a day. 
For some reason, most attacks were directed at the Bureau of Standards.<\/p>\n<p data-ar-index=\"6\"><strong>Hospitals are being warned<\/strong> that new Venus ransomware is circulating. That\u2019s the word <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/venus-ransomware-analyst-note.pdf\" rel=\"noopener\">from the U.S. Health Sector Cybersecurity Co-ordination Center<\/a>. It says the strain, discovered in August, has hit at least one healthcare entity in the United States. Unsecured instances of Windows remote desktop protocol are a common way these attackers get into IT systems. RDP must be put behind a firewall.<\/p>\n<p data-ar-index=\"7\"><strong>Computer technical support scams,<\/strong> like crooks pretending to be from Microsoft, continue to victimize people. That came in <a href=\"https:\/\/www.ic3.gov\/Media\/Y2022\/PSA221110\" rel=\"noopener\">a reminder this week from the FBI<\/a>. Scammers email or phone potential victims demanding money to renew a software subscription. When the victim wants to cancel the so-called renewal, the crook says there\u2019s a fee, and asks for the victim\u2019s bank information. Remember, any email or phone request that pressures you to act quickly is likely a scam. Never send money on the instructions of someone you have only spoken to online or by phone.<\/p>\n<p data-ar-index=\"8\"><strong>Software companies like adding<\/strong> features to make life easier for customers. Unfortunately, sometimes the features come with vulnerabilities. One example is credential roaming, added to Windows 20 years ago. A Russian-based threat group used a hole in credential roaming early this year against a European diplomatic target. <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/apt29-windows-credential-roaming\" rel=\"noopener\">A new report from Mandiant<\/a> goes deeply into what this problem is. Credential roaming allows a digital certificate used for access to roam with an employee. 
The vulnerability allows a hacker to compromise the system and gain administrative privileges. Microsoft issued a patch in September to fix this. The Mandiant report details how Windows administrators can avoid or fix the problem. There\u2019s a link to it in the text version of this podcast.<\/p>\n<p data-ar-index=\"9\"><strong>Researchers at Avast<\/strong> have added to knowledge about a threat group dubbed Worok, which hides malware in PNG images. In <a href=\"https:\/\/decoded.avast.io\/martinchlumecky\/png-steganography\/\" rel=\"noopener\">a report released this week<\/a>, Avast said the purpose of the malware is to steal data. They think the attackers are somehow exploiting unpatched vulnerabilities called ProxyShell in Microsoft Exchange servers and uploading stolen data to a Dropbox cloud storage account. This is a good reason to make sure Exchange servers are fully patched.<\/p>\n<p data-ar-index=\"10\"><strong>Another attacker<\/strong> is also hiding malware in images. One was found recently <a href=\"https:\/\/research.checkpoint.com\/2022\/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi\/\" rel=\"noopener\">by researchers at Check Point Software<\/a> in a software package in the open source PyPI library for developers using the Python programming language. Any developer who downloaded and inserted the package called Apicolor in their application would have it infected with a virus. The package has been deleted from PyPI, but it\u2019s another reason why developers who use open source libraries have to be careful before downloading code, and have it scanned before it is inserted into applications.<\/p>\n<p data-ar-index=\"11\">That\u2019s it for now. But later today the Week in Review edition will be available. 
Terry Cutler of Cyology Labs and I will discuss the latest arrest of a ransomware operative, a cyber insurance settlement and more.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-nov-11-2022-a-new-report-on-phishing-a-warning-of-venus-ransomware-malware-hidden-in-images-and-more\/512662\">Cyber Security Today, Nov. 11, 2022 \u2013 A new report on phishing, a warning of Venus ransomware, malware hidden in images and more.<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new report on phishing, a warning of Venus ransomware, malware hidden in images and more. Welcome to Cyber Security Today. It\u2019s Remembrance Day, November 11th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. \u00a0 Many advanced email attacks still successfully end with the theft of user credentials or account takeovers. 
That\u2019s according<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-31141","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=31141"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31141\/revisions"}],"predecessor-version":[{"id":31146,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31141\/revisions\/31146"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=31141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=31141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=31141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}