{"id":35398,"date":"2023-02-10T15:56:40","date_gmt":"2023-02-10T20:56:40","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=526359"},"modified":"2023-02-14T09:36:30","modified_gmt":"2023-02-14T14:36:30","slug":"cyber-security-today-week-in-review-for-friday-february-10-2023","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-february-10-2023\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, February 10, 2023"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 10th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n
<p data-ar-index=\"2\">In a few minutes Terry Cutler of Montreal\u2019s <a href=\"https:\/\/www.cyologylabs.com\/?r_done=1\" rel=\"noopener\">Cyology Labs<\/a> will be here to discuss recent news. But first, a look back at some of the headlines from the past seven days:<\/p>\n<p data-ar-index=\"3\"><strong>A security researcher<\/strong> <a href=\"https:\/\/eaton-works.com\/2023\/02\/06\/toyota-gspims-hack\" rel=\"noopener\">discovered several vulnerabilities<\/a> in Toyota\u2019s supplier website that gave access to \u2026 everything. Terry and I will talk about how this happened.<\/p>\n<p data-ar-index=\"4\">We\u2019ll delve into the <strong>rush to protect servers<\/strong> running unpatched and outdated versions of VMware\u2019s ESXi hypervisor <a href=\"https:\/\/www.darkreading.com\/cloud\/ongoing-vmware-esxi-ransomware-attack-virtualization-risks\" rel=\"noopener\">from ransomware<\/a>, and ask why companies are running old applications.<\/p>\n<p data-ar-index=\"5\">Lists of some 20 million customers who used two U.S. companies for background checks of employers and individuals are being peddled by crooks. 
Terry and I will have something to say about that.<\/p>\n<p data-ar-index=\"6\">And we\u2019ll look at a suggestion that <a href=\"https:\/\/www.itworldcanada.com\/article\/give-tax-break-so-small-canadian-firms-can-invest-in-cybersecurity-parliament-told\/526227\" rel=\"noopener\">the Canadian government offer tax breaks<\/a> to encourage small businesses to spend more on cybersecurity.<\/p>\n<p data-ar-index=\"7\">In other news, IT administrators whose firms use open-source and free versions of certain document management systems <strong>were warned of vulnerabilities<\/strong>. <a href=\"https:\/\/www.securityweek.com\/20-million-users-impacted-by-data-breach-at-instant-checkmate-truthfinder\/\" rel=\"noopener\">Researchers at Rapid7 say<\/a> the problems are in on-premises versions of OnlyOffice Workspace, OpenKM, LogicalDOC and Mayan EDMS. At the time of the recording of this podcast the vendors hadn\u2019t patched the holes, so administrators have to take precautions, some of which are outlined in the Rapid7 report.<\/p>\n<p data-ar-index=\"8\"><strong>The U.S. and the United Kingdom<\/strong> <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy1256\" rel=\"noopener\">have sanctioned<\/a> seven people who they say are members of the Trickbot cybercrime group. The Trickbot malware is widely distributed through botnets and email campaigns. Sometimes it\u2019s also used to help deploy ransomware. The U.S. says current members of the gang are associated with Russia\u2019s intelligence service. The sanctions mean the seven can\u2019t access any assets they have in the U.S.<\/p>\n<p data-ar-index=\"9\"><strong>A British member of Parliament<\/strong> <a href=\"https:\/\/techcrunch.com\/2023\/02\/08\/seaborgium-cold-river-hacking\/\" rel=\"noopener\">says he fell for a phishing scam.<\/a> Stewart McDonald admitted he opened a message sent to his personal email account with a supposed military update on Ukraine. 
Clicking on the document opened a form where he filled in his email address and password. The suspicion is that a Russia-based group dubbed Seaborgium was behind this attack.<\/p>\n<p data-ar-index=\"10\"><strong>Another DDoS-as-a-service<\/strong> provider has sprung up in Russia. <a href=\"https:\/\/www.radware.com\/getattachment\/6f3d0aa3-250e-45f3-aab2-b7e3908c4afe\/Advisory-Passion-012023.pdf.aspx\" rel=\"noopener\">Researchers at Radware say<\/a> the Passion group is offering denial-of-service capabilities to Russian hacktivists. The botnet was seen last month attacking hospitals in the U.S., the United Kingdom and several European countries that support Ukraine. It\u2019s another reason for companies in NATO countries to beef up their cybersecurity.<\/p>\n<p data-ar-index=\"11\"><strong>Authorities in<\/strong> the Netherlands, Germany and Poland have dealt another blow to the communication lines of crooks. <a href=\"https:\/\/www.eurojust.europa.eu\/news\/new-strike-against-encrypted-criminal-communications-dismantling-exclu-tool\" rel=\"noopener\">They did it by dismantling the Exclu encrypted messaging system<\/a>, which had an estimated 3,000 users. Forty-five people, including the service\u2019s administrators and owners, were arrested. Two drug laboratories were dismantled and 200 smartphones were also seized. In the past two years European police also shut down the Sky ECC and EncroChat encryption services used by crooks.<\/p>\n<p data-ar-index=\"12\"><strong>Atlassian has released<\/strong> fixes <a href=\"https:\/\/confluence.atlassian.com\/jira\/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html\" rel=\"noopener\">to patch a critical vulnerability<\/a> in Jira Service Management Server and Data Center. 
Versions 5.3 and above have to be patched.<\/p>\n<p data-ar-index=\"13\"><strong>And a 20-year-old man in Australia<\/strong> <a href=\"https:\/\/thehackernews.com\/2023\/02\/sydney-man-sentenced-for-blackmailing.html\" rel=\"noopener\">was sentenced<\/a> to community service for taking advantage of last year\u2019s theft of data from telecom provider Optus. For a brief time that data was publicly available, and this man got hold of some of it. Then he tried to extort people, telling them that unless they paid, their personal information would be sold to hackers.<\/p>\n<p data-ar-index=\"14\"><em>(The following is a transcript of one part of our discussion. To hear the entire conversation, play the podcast.)<\/em><\/p>\n<p data-ar-index=\"15\"><strong>Howard:<\/strong> France and Italy sparked a worldwide ransomware alert about attacks on vulnerable VMware ESXi servers. They include version 7.0, which is supported, but also versions 6.7 and 6.5, which are no longer supported by VMware. Unpatched versions of ESXi are at risk from a targeted ransomware strain dubbed \u2018ESXiArgs.\u2019 The thing is, a patch for the vulnerability was issued two years ago. In theory, no one should be running versions 6.7 and 6.5, let alone unpatched servers. However, the SANS Institute says there are some 300 unsupported or unpatched versions of ESXi out there. Another source says the number is more like 2,400. Terry, what\u2019s worse: organizations running unpatched servers or running non-supported software?<\/p>\n<p data-ar-index=\"16\"><strong>Terry Cutler:<\/strong> I think the problem is more around how critical the guests that are running on these [virtual] hosts are. As you know, we do a lot of work in health care and a lot of these guests have to be up 24\/7, 365 days a year. If you try to update the VMware host it usually requires a reboot, which would shut down all the guests that are running on the host. 
Gawd forbid there\u2019s a problem with the upgrade and the host doesn\u2019t come back up; that means the company is down. Most IT admins are scared of this. I\u2019ve been there. I know the pressure when a system doesn\u2019t come back online and management is breathing down your neck and all you could tell them is, \u201c10 more minutes! Ten more minutes, I promise it\u2019ll be up!\u201d Also, because it is on the Linux operating system, most IT managers believe that Linux is never going to get hacked, so they leave it unpatched.<\/p>\n<p data-ar-index=\"17\"><strong>Howard:<\/strong> The good news is the U.S. Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2023\/02\/07\/cisa-releases-esxiargs-ransomware-recovery-script\" rel=\"noopener\">issued a recovery script<\/a> for victims of this strain of ransomware. The bad news, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery\/\" rel=\"noopener\">according to a story on the Bleeping Computer news site<\/a>, is that the crooks behind this particular ransomware strain quickly issued a new version that apparently gets around the fix. The recovery script works for the original strain of ransomware, but not version two.<\/p>\n<p data-ar-index=\"18\"><strong>Terry:<\/strong> It is some great news. But then again I think a lot of this could be prevented by running some free vulnerability tools that will help discover what assets are on your network and what\u2019s vulnerable. As I\u2019ve mentioned countless times, if your systems are exposed to the internet and they\u2019re vulnerable they will be exploited. 
The biggest concern that I see is that most companies don\u2019t even know what assets they have or what\u2019s exposed, and that\u2019s why they need to team up with cyber security experts that will come in and assess that for them and give them their risk level.<\/p>\n<p data-ar-index=\"19\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-february-10-2023\/526359\">Cyber Security Today, Week in Review for Friday, February 10, 2023<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features discussion on ransomware attacks on VMware servers, holes found in Toyota&#8217;s supplier porta<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35398","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35398"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35398\/revisions"}],"predecessor-version":[{"id":35534,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35398\/revisions\/35534"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\
/media?parent=35398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}