{"id":34186,"date":"2023-01-18T09:52:17","date_gmt":"2023-01-18T14:52:17","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=522553"},"modified":"2023-01-19T11:26:14","modified_gmt":"2023-01-19T16:26:14","slug":"cyber-security-today-jan-18-2023-data-hacked-of-nissan-owners-a-github-vulnerability-alert-holes-in-gitlab-found-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-jan-18-2023-data-hacked-of-nissan-owners-a-github-vulnerability-alert-holes-in-gitlab-found-and-more\/","title":{"rendered":"Cyber Security Today, Jan. 18, 2023 -Data hacked of Nissan owners, a GitHub vulnerability alert, holes in GitLab found and more"},"content":{"rendered":"<p data-ar-index=\"0\">Data of Nissan owners stolen, a GitHub vulnerability alert, holes in GitLab found and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, January 18th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"3\"><strong>The North American division of carmaker Nissan<\/strong> is blaming a data breach at an outside application developer for the theft of the personal data of almost 18,000 vehicle owners. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/974df16b-fe59-4065-b707-b0cec26ba38d.shtml\" rel=\"noopener\">The carmaker said<\/a> it gave the developer customer data for application testing. That data was unintentionally and temporarily put in a cloud storage website, which apparently was hacked. While the information didn\u2019t include customers\u2019 Social Security or credit card numbers, it did include names and dates of birth. That could be used for creating fake ID. The hack happened sometime before June 21st last year. In September Nissan verified data was copied. Victims are only now being notified.<\/p>\n<p data-ar-index=\"4\">This isn\u2019t the first data problem Nissan has suffered. 
In December 2017, Nissan Canada admitted that over 1 million Canadian vehicle buyers who used its financing divisions had their personal information stolen.<\/p>\n<p data-ar-index=\"5\"><strong>Application developers using GitHub\u2019s Codespaces<\/strong> feature are being urged to lock down their projects after the discovery of a serious vulnerability. Codespaces allows developers to create, edit, and run code directly from their web browser within a virtual machine. Developers can work on the same project from any device without worrying about differences in local setups. To make that work, Codespaces allows developers to share forwarded ports from the virtual machine. However, <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/a\/abusing-github-codespaces-for-malware-delivery.html\" rel=\"noopener\">researchers at Trend Micro found<\/a> that if application ports are shared without authentication, attackers can get inside and host malicious content. <a href=\"https:\/\/docs.github.com\/en\/codespaces\/codespaces-reference\/security-in-github-codespaces\" rel=\"noopener\">Codespaces users need to follow GitHub\u2019s protection rules<\/a> and create strong access passwords protected with two-factor authentication.<\/p>\n<p data-ar-index=\"6\"><strong>More warnings for developers:<\/strong> <a href=\"https:\/\/about.gitlab.com\/releases\/2023\/01\/17\/critical-security-release-gitlab-15-7-5-released\/#:~:text=our%20blog%20post.-,Recommended%20Action,-We%20strongly%20recommend\" rel=\"noopener\">GitLab is urging users of its Community and Enterprise editions<\/a> to upgrade to the latest versions. This comes after the <a href=\"https:\/\/x41-dsec.de\/security\/research\/news\/2023\/01\/17\/git-security-audit-ostif\/\" rel=\"noopener\">discovery of vulnerabilities in Git by a team of researchers<\/a>. Git is a distributed application version control system that allows developers to collaborate on software development. 
The most severe issue discovered allows an attacker to trigger a heap-based memory corruption during clone or pull operations, which might result in a hacker running code.<\/p>\n<p data-ar-index=\"7\"><strong>A ransomware attack<\/strong> on a Norwegian ship management software company has stopped the suite\u2019s online connectivity to 1,000 vessels. This is because the firm, called DNV, <a href=\"https:\/\/www.dnv.com\/news\/cyber-attack-on-shipmanager-a-dnv-software-237552\" rel=\"noopener\">had to shut its servers<\/a> earlier this month as a result of the attack. Vessels using the DNV ShipManager suite can still use the application offline. As of the recording of this podcast there was no indication from the company when its servers will be back online.<\/p>\n<p data-ar-index=\"8\"><strong>Finally,<\/strong> database administrators who oversee GE Proficy Historian servers are being warned to upgrade to version 2023. This follows <a href=\"https:\/\/claroty.com\/team82\/research\/hacking-ics-historians-the-pivot-point-from-it-to-ot\" rel=\"noopener\">the discovery by researchers at Claroty<\/a> of five vulnerabilities in the data management suite. Historian software collects and analyzes data from industrial control systems. That data can be of interest to hackers, or an attacker that wants to sabotage the company. But if the servers link to the IT network they can also be a pivot point for hackers into the business side of the firm. The discovery of the holes in the GE product is a reminder that IT and security administrators must make sure historian servers are locked down and can\u2019t be used to get into the IT network.<\/p>\n<p data-ar-index=\"9\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. 
listeners can also find me on TechNewsDay.com.<\/p>\n<p data-ar-index=\"10\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-18-2023-data-hacked-of-nissan-owners-a-github-vulnerability-alert-holes-in-gitlab-found-and-more\/522553\">Cyber Security Today, Jan. 18, 2023 -Data hacked of Nissan owners, a GitHub vulnerability alert, holes in GitLab found and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nissan North America blames external software developer for mistake leading to the theft of customer data it sent the company for applicati<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-34186","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=34186"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34186\/revisions"}],"predecessor-version":[{"id":34240,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34186\/revisions\/34240"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=34186"}],"wp:term":[{"taxonomy":"category","embeddable":tru
e,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=34186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=34186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}