{"id":35467,"date":"2023-02-13T07:50:49","date_gmt":"2023-02-13T12:50:49","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=526994"},"modified":"2023-02-14T09:32:40","modified_gmt":"2023-02-14T14:32:40","slug":"cyber-security-today-feb-13-2023-hole-in-goanywhere-file-transfer-utility-exploited-ransomware-attacks-in-the-u-s-and-israel-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-feb-13-2023-hole-in-goanywhere-file-transfer-utility-exploited-ransomware-attacks-in-the-u-s-and-israel-and-more\/","title":{"rendered":"Cyber Security Today, Feb. 13, 2023 \u2013 Hole in GoAnywhere file transfer utility exploited, ransomware attacks in the U.S. and Israel, and more"},"content":{"rendered":"<p data-ar-index=\"0\">A hole in the GoAnywhere file transfer utility is exploited, ransomware attacks in the U.S. and Israel, and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, February 13th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"3\"><strong>The Clop ransomware gang is back.<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day\/\" rel=\"noopener\">According to Bleeping Computer,<\/a> the gang says it recently stole data from over 130 organizations that use the GoAnywhere MFT file transfer utility. At risk are IT environments that exposed the tool\u2019s administrative console to the internet, allowing a vulnerability to be exploited. The news report says Clop claims they didn\u2019t encrypt data, only stole files. The claims couldn\u2019t be verified. Fortra, the company that develops GoAnywhere MFT, issued an emergency security update last Tuesday for on-premise versions of the utility, and one on Thursday for those using the cloud version.<\/p>\n<p data-ar-index=\"4\"><strong>That vulnerability has been added<\/strong> to the Known Exploited Vulnerabilities Catalog kept by the U.S. Cybersecurity and Infrastructure Security Agency.
Also just added to the catalog is <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00051.html\" rel=\"noopener\">a hole in Intel\u2019s Ethernet Diagnostics Driver for Windows,<\/a> and <a href=\"https:\/\/forum.terra-master.com\/en\/viewtopic.php?t=3030\" rel=\"noopener\">a vulnerability in TerraMaster\u2019s operating system<\/a> for its data storage solutions. Patches for these holes are available.<\/p>\n<p data-ar-index=\"5\"><strong>The city of Oakland, California<\/strong> is recovering from <a href=\"https:\/\/www.oaklandca.gov\/news\/2023\/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected\" rel=\"noopener\">a ransomware attack last week<\/a>. While its website is now up, the city took affected systems offline. Core functions including 911 service, fire and emergency resources and municipal financial data were not affected. However, non-emergency systems including voicemail may be impacted.<\/p>\n<p data-ar-index=\"6\"><strong>The Israel Institute of Technology<\/strong> \u2014 more commonly known as the Technion \u2014 was the victim of a ransomware attack over the weekend. <a href=\"https:\/\/www.jpost.com\/breaking-news\/article-731327\" rel=\"noopener\">According to the Jerusalem Post<\/a> a hacker or hackers are demanding 80 bitcoin, worth about $2 million, to unscramble stolen data. <a href=\"https:\/\/www.databreaches.net\/technion-university-hacked-and-locked-previously-unknown-attackers-demand-80-btc\/\" rel=\"noopener\">The news site DataBreaches.net says<\/a> the ransom note claims all of the Technion\u2019s data is encrypted. That hasn\u2019t been verified. No one knows anything about the group claiming responsibility, which calls itself DarkBit. The ransom note says someone should pay for occupation and crimes against humanity. But it also talks about the firing of high-skilled experts.
The Jerusalem Post quotes the Israel National Cyber Directorate saying there were 53 cyber attacks last year on higher education institutions in the country.<\/p>\n<p data-ar-index=\"7\"><strong>In California,<\/strong> more than three million patients of four medical groups that suffered ransomware attacks late last year are receiving data breach notification letters. According to The Register, the four are Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group and Greater Covina Medical. All are associated with the Heritage Provider Network. Some of the stolen data might have included patients\u2019 names, dates of birth, Social Security numbers and medical records.<\/p>\n<p data-ar-index=\"8\"><strong>A now-closed<\/strong> Virginia university is notifying more than 78,000 students and employees of a data breach last August. At the time the REvil ransomware gang <a href=\"https:\/\/www.databreaches.net\/stratford-university-discloses-ransomware-attack-but-which-ransomware-attack\/\" rel=\"noopener\">was one of three groups claiming responsibility<\/a> for attacking Stratford University. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/83452cdc-de1a-44f1-9058-1619e0c3c6bf.shtml\" rel=\"noopener\">According to a copy of the letter being sent to those affected,<\/a> an attacker obtained some school data, including information from the student database.<\/p>\n<p data-ar-index=\"9\"><strong>A North Carolina software company<\/strong> that provides solutions to the healthcare sector is notifying more than 11,000 patients of a data breach. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/0c242102-7e6d-455a-86ec-9bcc75a71b36.shtml\" rel=\"noopener\">Intelligent Business Solutions says<\/a> in November it detected its network had been infected with malware that prevented access to data on certain IT systems.
Data copied included patient names, Social Security numbers, dates of birth and medical information.<\/p>\n<p data-ar-index=\"10\"><strong>Canadian bookstore chain Indigo<\/strong> is still dealing with last week\u2019s cyber attack. On Sunday, when this podcast was recorded, the company\u2019s website was still offline. Stores were open. At first, purchasers were only able to pay for items in cash. Now they can use credit and debit cards. However, customers still can\u2019t use gift cards or return purchases. Shoppers are urged not to log into any site that claims to be Indigo Books.<\/p>\n<p data-ar-index=\"11\"><strong>Finally,<\/strong> don\u2019t forget not only is tomorrow Valentine\u2019s Day, it\u2019s also Patch Tuesday, when Microsoft and many major companies release security updates. However, those with SonicWall devices using Capture Client might want to hold off installing Windows 11 updates. That\u2019s because <a href=\"https:\/\/www.sonicwall.com\/support\/product-notification\/limitation-with-web-content-filtering-on-windows-11-22h2\/230208075107457\/\" rel=\"noopener\">on February 17th SonicWall will release a fix to solve a clash between Capture Client and Win11<\/a>. A commentator at the SANS Institute says administrators should think about first installing the SonicWall patch before updating Windows.<\/p>\n<p data-ar-index=\"12\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I\u2019m Howard Solomon.<\/p>\n<p data-ar-index=\"14\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-13-2023-hole-in-goanywhere-file-transfer-utility-exploited-ransomware-attacks-in-the-u-s-and-israel-and-more\/526994\">Cyber Security Today, Feb. 13, 2023 \u2013 Hole in GoAnywhere file transfer utility exploited, ransomware attacks in the U.S.
and Israel, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the apparent return of the Clop extortion gang, ransomware attacks against hospital groups and the city of Oakland, Calif.,<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35467","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35467"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35467\/revisions"}],"predecessor-version":[{"id":35522,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35467\/revisions\/35522"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}