{"id":31473,"date":"2022-11-18T07:57:16","date_gmt":"2022-11-18T12:57:16","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=513913"},"modified":"2022-11-18T10:15:40","modified_gmt":"2022-11-18T15:15:40","slug":"cyber-security-today-nov-18-2022-a-warning-about-amazon-rds-snapshots-a-new-ransomware-strain-found-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-nov-18-2022-a-warning-about-amazon-rds-snapshots-a-new-ransomware-strain-found-and-more\/","title":{"rendered":"Cyber Security Today, Nov. 18, 2022 \u2013 A warning about Amazon RDS snapshots, a new ransomware strain found, and more"},"content":{"rendered":"<p data-ar-index=\"0\">A warning about Amazon RDS snapshots, a new ransomware strain found, and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Friday, November 18th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25056297\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" 
class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\"><strong>Organizations using<\/strong> Amazon\u2019s relational database-as-a-service \u2014 known as RDS \u2014 are being warned that improperly secured snapshot backups can be a source of personal information for hackers. The warning <a href=\"https:\/\/www.mitiga.io\/blog\/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots\" rel=\"noopener\">comes from researchers at Mitiga<\/a>, who found a way to scan, clone and extract sensitive data from RDS snapshots. Administrators usually store these snapshots in a separate database. But if that database is exposed to the internet or shared with someone the snapshots could be copied by a hacker. Worse, the researchers said, with some work a hacker could figure out where the snapshot came from and threaten to release the data unless the organization pays them off. In doing their work the researchers found 2,783 snapshots around the world, 810 of which were publicly accessible. 
Mitiga says RDS administrators and users should take care to securely configure and encrypt these snapshots.<\/p>\n<p data-ar-index=\"4\"><strong>Just over a year ago<\/strong> IT and security leaders were warned to patch the Log4Shell vulnerability in applications using the log4j2 logging library.<a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-320a\" rel=\"noopener\"> This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned<\/a> IT and security leaders to make sure all their systems are patched for this hole. They issued that alert after finding suspected Iranian government-sponsored threat actors used that vulnerability last February to compromise a federal organization through an unpatched VMware Horizon server. The attackers used their access to get to the organization\u2019s domain controller, compromised credentials and then implanted reverse proxies on several hosts to maintain persistence. The alert urges administrators with VMware Horizon that didn\u2019t immediately install patches or workarounds to assume they\u2019ve been compromised and take action.<\/p>\n<p data-ar-index=\"5\"><strong>Separately,<\/strong> <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/11\/17\/stopransomware-hive\" rel=\"noopener\">the CISA issued a background paper<\/a> on the tactics of the Hive ransomware gang. Security teams can use the information to look for indicators of compromise.<\/p>\n<p data-ar-index=\"6\"><strong>Meanwhile,<\/strong> researchers at BlackBerry have identified a new strain of ransomware they call ARCrypter. First seen hitting organizations in Chile and Colombia in August, BlackBerry says victims in Canada and China have uploaded examples with similar code to the VirusTotal scanner for examination. 
That suggests those behind this strain of ransomware are going after organizations around the world.<\/p>\n<p data-ar-index=\"7\"><strong>Hackers are still using<\/strong> old tricks to fool unsuspecting victims. One of them is an email or text that says something like, \u2018We noticed an unusual login on your account. Please click here to secure the account.\u2019 Clicking takes the victim to a fake website where they are asked to log in to confirm or change their username and password. The goal is to steal those credentials. In a blog this week <a href=\"https:\/\/www.armorblox.com\/blog\/instagram-credential-phishing-email-attack\" rel=\"noopener\">researchers at Armorblox said<\/a> crooks recently tried to send a message like that to students at an unnamed educational institution. The message looked like it came from Instagram. If you get a message like this, ignore it. Legitimate companies don\u2019t send messages this way. Instead they\u2019ll tell you to go to the application\u2019s login page the way you usually do to check or change a password.<\/p>\n<p data-ar-index=\"8\"><strong>Finally,<\/strong> if you use the Firefox browser make sure it\u2019s running the latest version. An update was released this week that patches a number of vulnerabilities. You should be on version 107.<\/p>\n<p data-ar-index=\"9\">Later today the Week in Review edition of the podcast will be available. Guest David Shipley and I will discuss what organizations hit by a cyber attack should say publicly.<\/p>\n<p data-ar-index=\"10\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"11\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-nov-18-2022-a-warning-about-amazon-rds-snapshots-a-new-ransomware-strain-found-and-more\/513913\">Cyber Security Today, Nov. 
18, 2022 \u2013 A warning about Amazon RDS snapshots, a new ransomware strain found, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the risks of misconfigured, a warning on the Log4Shell vulnerability, ransomware report<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-31473","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=31473"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31473\/revisions"}],"predecessor-version":[{"id":31477,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/31473\/revisions\/31477"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=31473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=31473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=31473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}