{"id":35143,"date":"2023-02-06T08:08:52","date_gmt":"2023-02-06T13:08:52","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=525582"},"modified":"2023-02-07T10:56:35","modified_gmt":"2023-02-07T15:56:35","slug":"cyber-security-today-feb-6-2023-ransomware-is-targeting-vmwares-hypervisor-hospitals-are-attacked-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-feb-6-2023-ransomware-is-targeting-vmwares-hypervisor-hospitals-are-attacked-and-more\/","title":{"rendered":"Cyber Security Today, Feb. 6, 2023 \u2013 Ransomware is targeting VMware\u2019s hypervisor, hospitals are attacked and more"},"content":{"rendered":"<p data-ar-index=\"0\">Ransomware is targeting VMware\u2019s hypervisor, hospitals are attacked and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, February 6th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25835925\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener 
noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\"><strong>Ransomware gangs<\/strong> are going after organizations running unpatched versions of VMware\u2019s ESXi hypervisor. The warning comes <a href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2023-ALE-015\/\" rel=\"noopener\">from France\u2019s computer emergency response team.<\/a> VMware says the problem is in OpenSLP, an open-source component of the hypervisor that has a heap-overflow memory vulnerability. The solution is to <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0002.html\" rel=\"noopener\">install updates as soon as possible<\/a> to plug this hole. Patches were available two years ago. VMware also recommends disabling the OpenSLP service if it isn\u2019t being used.<\/p>\n<p data-ar-index=\"4\"><strong>Update:<\/strong> Italy\u2019s national broadcaster, <a href=\"https:\/\/www.rainews.it\/articoli\/2023\/02\/agenzia-per-la-cybersicurezza-e-in-corso-un-massiccio-attacco-hacker-014f5925-0bbf-4ad0-b569-c81d4325ae47.html\" rel=\"noopener\">RAI, said government officials were to meet Monday<\/a> to discuss a warning about this vulnerability from the computer security incident response team of the country\u2019s National Cybersecurity Agency (ACN). It issued an alert about \u201cmassive\u201d network exploitation. 
The ACN technicians have already surveyed \u201cseveral dozen probably compromised national systems,\u201d RAI said.<\/p>\n<p data-ar-index=\"5\"><strong>Breaking news: The top U.S. cyber diplomat says one of his Twitter accounts was hacked. <a href=\"https:\/\/www.cnn.com\/2023\/02\/05\/politics\/nate-fick-twitter-hack-cybersecurity\/index.html\" rel=\"noopener\">According to CNN,<\/a> Nate Fick, the American \u201cambassador-at-large\u201d for cyberspace and digital policy, used his personal Twitter account to announce the news.<\/strong><\/p>\n<p data-ar-index=\"6\"><strong>Two American companies<\/strong> offering businesses and individuals the ability to check public records on customers, friends or anyone have admitted they were hacked recently. These background check online services, owned by the same firm, are <a href=\"https:\/\/www.truthfinder.com\/security-incident-alert\/\" rel=\"noopener\">Truthfinder<\/a> and <a href=\"https:\/\/www.instantcheckmate.com\/security-incident-alert\/\" rel=\"noopener\">Instant Checkmate<\/a>. Lists of people using either service between 2011 and 2019 were copied. The data includes subscribers\u2019 names, emails, and telephone numbers in some instances, as well as encrypted passwords and expired and inactive password reset tokens. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/truthfinder-instant-checkmate-confirm-data-breach-affecting-20m-customers\/\" rel=\"noopener\">According to Bleeping Computer<\/a>, this information began being peddled on a hacking forum on January 21st. 
It is claimed the combined data is on 20 million people who used the services.<\/p>\n<p data-ar-index=\"7\"><strong>A company that makes<\/strong> mobile apps used by individuals to snoop on their lovers and others will <a href=\"https:\/\/ag.ny.gov\/press-release\/2023\/attorney-general-james-secures-410000-tech-companies-illegally-promoting-spyware\" rel=\"noopener\">have to pay US$410,000 to New York State<\/a> for illegally promoting spyware. The apps were promoted as being legal, but installing these apps without people\u2019s knowledge violates U.S. federal and state laws. In addition to the penalties, the apps have to be modified to alert people that their smartphones are being monitored. The apps being marketed are called Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint and Turbospy.<\/p>\n<p data-ar-index=\"8\"><strong>Your company\u2019s<\/strong> IT hardware and software partners are vital. They are also a possible cybersecurity risk. How big? <a href=\"https:\/\/securityscorecard.com\/blog\/close-encounters-of-the-third-and-fourth-party-kind-blog\" rel=\"noopener\">Researchers at SecurityScorecard figure<\/a> 98 per cent of organizations have a relationship with at least one third-party software supplier that had a data breach in the past two years. Third parties make your business applications. Fourth parties are the thousands of partners these third-party companies have relationships with. The report says half of all organizations have indirect relationships with at least 200 fourth parties that have had breaches in the last two years. Now, these breaches may not have had an effect on your firm. But the point of the report is to make you think about your firm\u2019s indirect exposure to risk. What should your security team be doing? Understanding the cyber risk of your IT partners \u2014 and their partners.<\/p>\n<p data-ar-index=\"9\">Coincidentally, the U.S. 
Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2023\/01\/cisa-establishes-new-office-to-operationalize-supply-chain-security\/\" rel=\"noopener\">just opened<\/a> a cyber supply chain risk management office to help federal departments and agencies with this problem.<\/p>\n<p data-ar-index=\"10\"><strong>Some hackers<\/strong> will go after anything online, including a suicide prevention phone line. The U.S. has acknowledged that a December 1st day-long outage of the American 988 emergency phone system was caused by a cyberattack on the service\u2019s provider. The text and chat service was still available until service was restored. <a href=\"https:\/\/www.securityweek.com\/feds-say-cyberattack-caused-suicide-helplines-outage\/\" rel=\"noopener\">The Associated Press says<\/a> it isn\u2019t publicly known who launched the attack. People in distress in the United States can call 988 and reach a crisis support worker. Last week two members of Congress introduced a bill calling for better co-ordination and reporting of cyberattacks on the 988 system.<\/p>\n<p data-ar-index=\"11\"><strong>Meanwhile,<\/strong> a Tennessee hospital is still recovering from a cyberattack last week. As of Sunday, <a href=\"https:\/\/www.tmh.org\/news\/2023\/tallahassee-memorial-managing-it-security-issue\" rel=\"noopener\">Tallahassee Memorial HealthCare<\/a> was still diverting some emergency patients from the hospital. As a precaution, all IT systems were taken offline Thursday. Also last week a <a href=\"https:\/\/www.wmdt.com\/2023\/01\/atlantic-general-hospital-experiences-ransomware-event\/\" rel=\"noopener\">Maryland TV station reported<\/a> that Atlantic General Hospital suffered a ransomware attack.<\/p>\n<p data-ar-index=\"12\"><strong>Google is still<\/strong> working on a solution to close a vulnerability in managed Chromebook deployments by school boards and organizations. 
Security researchers at the Mercury Workshop Team found a way users can unenroll their Chromebooks from the Google Admin management suite. That would allow a user to install anything on the computers in violation of corporate rules. The SANS Institute notes that Chromebook administrators will for the time being have to monitor machines to make sure they stay enrolled.<\/p>\n<p data-ar-index=\"13\"><strong>Staying with Google,<\/strong> security <a href=\"https:\/\/www.spamhaus.com\/resource-center\/a-surge-of-malvertising-across-google-ads-is-distributing-dangerous-malware\/\" rel=\"noopener\">researchers at Spamhaus Technology say<\/a> crooks are increasingly using Google Ads to deliver malware. They\u2019re doing it by creating ads for products like Adobe Reader, Gimp, Microsoft Teams, OBS, Slack and the Thunderbird email client. Unsuspecting people using Google to search for these applications are clicking on the first results, which are Google Ads and not the real home pages of the developers. Victims are ignoring the word \u2018Ad\u2019 beside the link. This is a two-part problem: One is Google \u2014 and other browser makers \u2014 need to scan their ads better. The second is the need for better security awareness training for everyone.<\/p>\n<p data-ar-index=\"14\"><strong>Finally,<\/strong> the cyber attackers who last month stole a subscriber database of the French satirical magazine Charlie Hebdo are based in Iran, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2023\/02\/03\/dtac-charlie-hebdo-hack-iran-neptunium\/\" rel=\"noopener\">according to Microsoft<\/a>. The group, which calls itself \u2018Holy Souls\u2019, is believed to have attacked the magazine as a response to it starting an international competition for cartoons ridiculing Iran\u2019s Supreme Leader. 
The threat group has put what they say is a cache of stolen data including names, phone numbers, home addresses and email addresses up for sale on several hacker forums.<\/p>\n<p data-ar-index=\"15\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"16\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-6-2023-ransomware-is-targeting-vmwares-hypervisor-hospitals-are-attacked-and-more\/525582\">Cyber Security Today, Feb. 6, 2023 \u2013 Ransomware is targeting VMware\u2019s hypervisor, hospitals are attacked and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on third-party cybersecurity risks, a warning to managed Chromebook admins, hacks at two U.S. background checking service<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35143","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35143"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35143\/revisions"}],"predecessor-version":[{"
id":35146,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35143\/revisions\/35146"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}