{"id":36173,"date":"2023-03-01T08:07:22","date_gmt":"2023-03-01T13:07:22","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=530194"},"modified":"2023-03-02T10:01:00","modified_gmt":"2023-03-02T15:01:00","slug":"cyber-security-today-march-1-2023-dish-tv-u-s-marshals-service-hit-with-ransomware-and-a-us-official-shoots-security-complaints-against-the-it-industry","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-1-2023-dish-tv-u-s-marshals-service-hit-with-ransomware-and-a-us-official-shoots-security-complaints-against-the-it-industry\/","title":{"rendered":"Cyber Security Today, March 1, 2023 \u2013 Dish TV, U.S. Marshal\u2019s Service hit with ransomware, and a US official shoots security complaints against the IT industry"},"content":{"rendered":"<p data-ar-index=\"0\">Dish TV, U.S. Marshal\u2019s Service hit with ransomware, and a U.S. official shoots security complaints against the IT industry.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, March 1st. 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<br \/>\n<iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/26086380\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"2\">\n<p data-ar-index=\"3\">Two big ransomware stories to tell you about:<\/p>\n<p data-ar-index=\"4\"><strong>American satellite TV provider<\/strong> Dish Network has acknowledged that a ransomware attack is behind network, website and call centre disruptions. It made the admission in a <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1042642\/000155837023002254\/dish-20230223x8k.htm\" rel=\"noopener\">regulatory filing this week<\/a> after realizing last Thursday it had been attacked. On Monday the company discovered data had been copied. As of the recording of this podcast Dish said the stolen data may include personal information. Many customers are still having trouble paying their bills, accessing their accounts and getting hold of service desks. It will take a little more time before things are fully restored, <a href=\"https:\/\/www.dish.com\/statement\" rel=\"noopener\">the company says<\/a>. TV service isn\u2019t affected.<\/p>\n<p data-ar-index=\"5\"><strong>The U.S. Marshal\u2019s service,<\/strong> which hunts fugitives and protects American federal courthouses, was also hit with a ransomware attack last month. <a href=\"https:\/\/www.nbcnews.com\/politics\/politics-news\/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581\" rel=\"noopener\">According to NBC News<\/a>, the February 17th compromise affected an IT system with sensitive law enforcement information, including personally identifiable information about subjects of investigations. A source told NBC the incident didn\u2019t involve the database of people in the federal witness protection program.<\/p>\n<p data-ar-index=\"6\"><strong>The top application vulnerabilities<\/strong> leveraged by hackers last year were holes discovered in 2021. That\u2019s <a href=\"https:\/\/static.tenable.com\/marketing\/research-reports\/Research-Report-2022_Threat_Landscape_Report.pdf\" rel=\"noopener\">according to researchers at Tenable.<\/a> OK, that includes Log4j2, which was discovered at the end of 2021 and not fully patched until 2022. However, the company\u2019s annual Threat Landscape report issued this week also notes that threat actors continue to exploit unpatched vulnerabilities \u2014 especially in Microsoft Exchange \u2014 dating back to 2017. Number three on the list is a vulnerability in Microsoft\u2019s Support Diagnostics tool. It was patched last June. Number four on the list is a hole affecting versions of Atlassian\u2019s Confluence Server and Data Center.<\/p>\n<p data-ar-index=\"7\">Tenable\u2019s advice: Patch known vulnerabilities in your environment first before fixing zero day exploits.<\/p>\n<p data-ar-index=\"8\"><strong>Attention IT hardware developers,<\/strong> including chipmakers and motherboard manufacturers: Two serious vulnerabilities<a href=\"https:\/\/kb.cert.org\/vuls\/id\/782720\" rel=\"noopener\"> have been found<\/a> in the specification for creating Trusted Platform Modules. TPM modules encrypt certain operating system functions. An attacker who can access a TPM command interface can trigger these holes and get read-only access to sensitive data or overwrite normally protected data. There\u2019s a security update available from the Trusted Computing Group for hardware and software companies.<\/p>\n<p data-ar-index=\"9\"><strong>Have you been hit<\/strong> by the MortalKombat strain of ransomware? If so, security firm Bitdefender <a href=\"https:\/\/www.bitdefender.com\/blog\/labs\/bitdefender-releases-decryptor-for-mortalkombat-ransomware\/\" rel=\"noopener\">has released<\/a> a decryptor you can use to unscramble encrypted data. It is good for the current version of the malware.<\/p>\n<p data-ar-index=\"10\"><strong>Finally<\/strong>, breaches of security controls should be blamed on unsafe applications, not attackers, says the head of the U.S. Cybersecurity and Infrastructure Security Agency. In a speech this week to Carnegie Mellon University, Jen Easterly complained the burden of cybersecurity is placed too heavily on consumers and small organizations. Software and hardware companies wrongly accept that products are released with large numbers of defects, she said. She also urged developers to switch to safer programming languages like Rust, Go, Python and Java. T<a href=\"https:\/\/content.govdelivery.com\/accounts\/USDHSCISA\/bulletins\/34b657c\" rel=\"noopener\">here\u2019s more detail and recommendations in her speech.<\/a><\/p>\n<p data-ar-index=\"11\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-1-2023-dish-tv-u-s-marshals-service-hit-with-ransomware-and-a-us-official-shoots-security-complaints-against-the-it-industry\/530194\">Cyber Security Today, March 1, 2023 \u2013 Dish TV, U.S. Marshal\u2019s Service hit with ransomware, and a US official shoots security complaints against the IT industry<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Breaches of security controls should be blamed on unsafe applications, not attackers, says the head of the U.S. Cybersecurity and Infrastructure Security Agency<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-36173","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/36173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=36173"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/36173\/revisions"}],"predecessor-version":[{"id":36177,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/36173\/revisions\/36177"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=36173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=36173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=36173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}