{"id":37120,"date":"2023-03-31T07:55:09","date_gmt":"2023-03-31T11:55:09","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=535045"},"modified":"2023-04-05T09:01:13","modified_gmt":"2023-04-05T13:01:13","slug":"cyber-security-today-march-31-2023-world-backup-day-advice-new-malware-targeting-linux-and-more-2","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-31-2023-world-backup-day-advice-new-malware-targeting-linux-and-more-2\/","title":{"rendered":"Cyber Security Today, March 31, 2023 \u2013 World Backup Day advice, new malware targeting Linux and more"},"content":{"rendered":"<p>World Backup Day advice, new malware targeting Linux and more<\/p>\n<p>Welcome to Cyber Security Today. It&#8217;s Friday, March 31st, 2023. I&#8217;m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/26396862\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Today is World Backup Day.<\/strong> I have a long story on ITWorldCanada.com which is tailored for IT department leaders in mid-to-large firms, so on this podcast I want to address IT leaders in small businesses. The good news is backup and recovery should be easier because your environment will be simpler compared to a multi-million dollar retailer. Still, some of the same rules apply: First, decide what data needs to be backed up, giving priority to sensitive information and how often it needs to be backed up. Second, make sure data is backed up off-site as well as on-site. And for extra protection, it should be encrypted. Third, make sure the off-site backup can&#8217;t be compromised by a hacker. One of the biggest failures of IT is to protect off-site backup from being encrypted, ruining any chance of data restoration. Fourth, document your backup procedures so when staff leave the knowledge doesn&#8217;t go with them. And last, have IT staff regularly practice restoring a backup. You&#8217;ll need that experience in a crisis.<\/p>\n<p><strong>Attention Linux administrators<\/strong>: New malware targeting Linux servers has been discovered.<a href=\"https:\/\/blog.exatrack.com\/melofee\/\"  rel=\"noopener\"> Researchers at the French firm Exatrack<\/a> call it Melofee, and believe it was created by a group based in China. It drops a rootkit and a server implant. The implant can update itself, create a new socket for interaction, search for system information, read and write files and more. The implant hasn&#8217;t been widely seen, suggesting the attacker uses it only to go after high value targets.<\/p>\n<p><strong>University researchers say<\/strong> there&#8217;s a fundamental flaw in the Wi-Fi protocol that could affect devices running Linux, FreeBSD, Android and iOS. In a summary of the report,<a href=\"https:\/\/thehackernews.com\/2023\/03\/new-wi-fi-protocol-security-flaw.html\"  rel=\"noopener\"> the Hacker News notes<\/a> that the flaw could be used to hijack TCP connections or intercept client and web traffic. The power-save mechanisms in endpoint devices could trick access points into leaking data frames in plaintext.<\/p>\n<p>Cisco Systems said attacks could be successful against its Wireless Access Point and Meraki wireless products. But Cisco also believes the information gained would be of minimal value in a securely configured network. To reduce the odds of success, TLS should be enabled to encrypt data in transit. In addition network access should be restricted.<\/p>\n<p><strong>Attention Instagram users:<\/strong> Crooks are hunting for subscribers who haven&#8217;t activated multifactor authentication. When they are found, the crooks either use a brute-force attack to figure out the passwords or use a phishing attack to trick the user into giving up their password. <a href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/instagram-scam-indonesia\/?utm_source=twitter&amp;utm_campaign=grand-account-theft&amp;utm_medium=social\"  rel=\"noopener\">According to researchers at Group-IB<\/a>, once the hacker has access they lock out the account owner by enabling multifactor authentication. Then they rename the hijacked Instagram account to make it look like it belongs to a financial institution to trick the account&#8217;s followers. This scheme was run in Indonesia, but it can be tried in any country. Instagram users are warned this is another reason to enable multifactor authentication.<\/p>\n<p>That&#8217;s it for now. but later today the Week in Review podcast will be available. David Shipley of Beauceron Security and I will discuss a proposed delay on researching AI systems, the future of TikTok and more.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-31-2023-world-backup-day-advice-new-malware-targeting-linux-and-more\/535045\">Cyber Security Today, March 31, 2023 \u2013 World Backup Day advice, new malware targeting Linux and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on how crooks take over Instagram accounts, a WiFI problem in Linux-based devices like access points and smartp<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-37120","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/37120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=37120"}],"version-history":[{"count":1,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/37120\/revisions"}],"predecessor-version":[{"id":37122,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/37120\/revisions\/37122"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=37120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=37120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=37120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}