{"id":43480,"date":"2024-01-08T07:50:34","date_gmt":"2024-01-08T12:50:34","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=555861"},"modified":"2024-01-08T20:24:00","modified_gmt":"2024-01-09T01:24:00","slug":"cyber-security-today-jan-8-2024-how-a-spanish-cellular-carriers-network-was-knocked-offline-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-jan-8-2024-how-a-spanish-cellular-carriers-network-was-knocked-offline-and-more\/","title":{"rendered":"Cyber Security Today, Jan. 8, 2024 \u2013 How a Spanish cellular carrier\u2019s network was knocked offline, and more"},"content":{"rendered":"<p>How a Spanish cellular carrier\u2019s network was knocked offline, and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, January 8th, 2024. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/29378773\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Despite all the money<\/strong> organizations spend on cybersecurity, some continue to shoot themselves by ignoring basic cybersecurity practices. The latest example is last week\u2019s compromise of cellular carrier Orange Spain. How was it done? A threat actor infiltrated the computer of an administrator and stole their login credentials to a regional IP network co-ordination centre called RIPE.<a href=\"https:\/\/www.infostealers.com\/article\/infostealer-infection-of-an-orange-employee-results-in-bgp-disruptions\/\" rel=\"noopener\"> Never mind the administrator\u2019s password was \u2018ripeadmin,<\/a>\u2018 which could have been guessed. Worse is that \u2014 <a href=\"https:\/\/doublepulsar.com\/how-50-of-telco-orange-spains-traffic-got-hijacked-a-weak-password-d7cde085b0c5\" rel=\"noopener\">according to researcher Kevin Beaumont<\/a> \u2014 this IP network account wasn\u2019t protected with multifactor authentication. Let me repeat that: Login to a service that looks after internet routing of a telecommunications provider had no multifactor authentication protection. By the way, the stolen administrator credential had been available for sale on a criminal marketplace since last August to any threat actor. It isn\u2019t known how the admin\u2019s computer was compromised so the password could be stolen. But they likely fell for a phishing or social media scam, which allowed malware to be planted on their machine. Fortunately all that happened was Orange Spain customers lost connectivity for several hours.<\/p>\n<p>Meanwhile, all telecommunications providers in Europe, the Middle East and Asia that use the RIPE network should note there are thousands of stolen credentials for accessing this system being sold on dark web marketplaces. You have been warned.<\/p>\n<p><strong>A midwife service<\/strong> for expectant mothers in Southern Ontario is notifying women it suffered a data breach last April. <a href=\"https:\/\/www.cbc.ca\/news\/canada\/windsor\/midwives-windsor-email-breach-1.7075507\" rel=\"noopener\">CBC News says<\/a> Midwives of Windsor is telling clients that one of its email accounts was compromised. An unknown number of names, mailing addresses, phone numbers, dates of birth and other personal information of mothers and children may have been copied.<\/p>\n<p><strong>Someone was able to compromise<\/strong> the flight information displays at Beirut International Airport on Sunday and post anti-Hezbollah messages. Hezbollah is an Islamist political party and militant group in the country. <a href=\"https:\/\/apnews.com\/article\/lebanon-beirut-airport-hack-hezbollah-israel-5d5855c3635b429d63491993f7748a64\" rel=\"noopener\">According to the Associated Press<\/a>, those in the airport hoping to see departure and arrival times instead saw a message accusing Hezbollah of putting Lebanon at risk of an all-out war with Israel.<\/p>\n<p><strong>Some organizations<\/strong> are already implementing solutions to protect their encrypted applications from future quantum computer attacks. However, researchers are warning one solution already has a vulnerability that has to be patched. The solution is CRYSTALS, a set of algorithms approved by the National Institute of Standards and Technology (NIST). Within CRYSTALS is a security key encapsulation mechanism called Kyber, and that\u2019s where the problem is. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kyberslash-attacks-put-quantum-encryption-projects-at-risk\/\" rel=\"noopener\">According to Bleeping Computer<\/a>, researchers found Kyber has two vulnerabilities. One was patched on December 1st, the other on December 30th. If your application uses Kyber as part of its CRYSTALS solution this has to be looked after.<\/p>\n<p>And by the way, if your application handles encrypted sensitive or financial data you need to be investigating quantum-safe solutions now before quantum computers can unscramble them.<\/p>\n<p><strong>Pharmaceutical manufacturer Merck &amp; Co.<\/strong> has reached a settlement with insurers over hundreds of millions of dollars it was claiming for damages in the 2017 NotPetya cyber attack. You may recall that was the cyber attack aimed at Ukraine by compromising an accounting program used in that country. But the destructive worm escaped to ravage unpatched Windows computers around the world, including Merck\u2019s systems. A New Jersey appeal court ruled insurers had to pay Merck about US$700 million for computer damages the company suffered. Last week the insurers were about to fight that decision before the New Jersey Supreme Court. But <a href=\"https:\/\/news.bloomberglaw.com\/litigation\/merck-1-4-billion-cyberhack-settlement-ends-warlike-act-claim\" rel=\"noopener\">Bloomberg Law says<\/a> there was a last-minute settlement. The terms of that settlement are confidential. The appeal court ruled the insurers had to pay under Merck\u2019s all risks property coverage. While the policies basically said there was no payout for damages caused by war-like actions, the appeal court said the wording only applied to traditional forms of war and not cyber attacks. The language for insurance policies is tighter these days.<\/p>\n<p><strong>Five years ago<\/strong> the U.S. seized control and laid charges in the operation of the online xDedic criminal marketplace. Last week the government <a href=\"https:\/\/www.justice.gov\/usao-mdfl\/pr\/19-individuals-worldwide-charged-transnational-cybercrime-investigation-xdedic\" rel=\"noopener\">said its investigation has peaked.<\/a> Seventeen people were charged. All were convicted. Eleven got sentences ranging from 78 to 12 months in prison. One was sentenced to five years probation. Five others are awaiting sentencing. The marketplace sold stolen login credentials to more than 700,000 servers around the world as well as stolen personal information.<\/p>\n<p><strong>A New York State healthcare provider<\/strong><a href=\"https:\/\/ag.ny.gov\/press-release\/2024\/attorney-general-james-reaches-agreement-hudson-valley-health-care-provider\" rel=\"noopener\"> has agreed to pay US$450,000 and spend US$1.2 million to strengthen its cybersecurity<\/a> following a ransomware attack two years ago. An attacker claiming to be the Lorenz ransomware gang accessed the data of 250,000 people held by Rafuah Health Centre. New York\u2019s attorney general\u2019s office found the health centre failed to encrypt patient information, failed to use multifactor authentication to protect logins, failed to decommission inactive user accounts, failed to rotate user account credentials and failed to restrict employee\u2019s access to data to only those who needed it..<\/p>\n<p><strong>A San Francisco law firm<\/strong> that specializes in technology <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/8a2cebbb-af51-4e3b-ab37-a64ff132a972.shtml\" rel=\"noopener\">now says the personal information of over 630,000 people was copied in a cyber attack<\/a> it suffered early last year. Originally the firm of Orrick, Herrington &amp; Sutcliffe LLP reported to Maine\u2019s attorney general\u2019s office that 152,000 people were impacted. Then the number rose to 461,000. The attacker got into a file share where certain client files were stored including emails and email attachments. Stolen data could have included peoples\u2019 names, dates of birth, Social Security numbers, government-issued identification numbers, passport numbers, financial account information, medical information and more. Last month the law firm reached a proposed settlement in a class action suit stemming from the data breach.<\/p>\n<p><strong>Finally,<\/strong> do you have an idea of how to detect the use of voice cloning for audio and video crimes? You have until Friday <a href=\"https:\/\/www.ftc.gov\/news-events\/contests\/ftc-voice-cloning-challenge\" rel=\"noopener\">to submit a solution to the U.S. Federal Trade Commission<\/a>. It\u2019s running a contest to find ways of stopping threat actors from defrauding victims or spreading disinformation. Voice cloning uses text-to-speech technology originally developed to help people who have lost their voices from accidents or illness. But crooks are using it to impersonate people. The contest winner gets US$25,000.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-8-2024-how-a-spanish-cellular-carriers-network-was-knocked-offline-and-more\/555861\">Cyber Security Today, Jan. 8, 2024 \u2013 How a Spanish cellular carrier\u2019s network was knocked offline, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on basic cybersecurity oversights that led to the hacking of a teclo, the increased number of victims of a US law firm hack, a data breach at a Canadian provider of midwive<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[26,360,16],"tags":[389],"class_list":["post-43480","post","type-post","status-publish","format-standard","hentry","category-mobility","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=43480"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43480\/revisions"}],"predecessor-version":[{"id":43496,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/43480\/revisions\/43496"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=43480"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=43480"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=43480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}