Ransomware targets small businesses, Digium Elastix and Netwrix Auditor admin warnings, and more.
Welcome to Cyber Security Today. Today is Monday, July 18, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
My thanks to Jim Love for filling in for me while I was off last week. It’s good to be back. So here are some of the latest news:
Small businesses often think — wrongly — they are not the target of hackers. In fact, they are in the crosshairs of a number of threat actors. And according to Microsoft, one of them is a group based in North Korea that distributes ransomware. The group, which calls itself H0lyGh0st, has been compromising small and medium-sized businesses in several countries since last September. Victims include banks and schools. Organizations of all sizes can protect themselves against ransomware and all types of cyberattacks by using only up-to-date and patched software, requiring all employees to use multi-factor authentication for logins, deploying anti-virus or anti-malware protection, and limiting access to sensitive data to only those who need it.
Attention, IT communications officers: Organizations using the Digium Elastix Voice over IP PBX system are being targeted by threat actors. According to researchers at Palo Alto Networks, attackers attempt to install a web shell on the system’s web server. The report does not detail how the systems are initially attacked. But your firewalls and threat detection applications should be configured to protect against this intrusion.
Attention, IT managers: A vulnerability in Netwrix Auditor, which is IT asset auditing software, could allow an attacker to compromise a system. That’s according to researchers at a company called Bishop Fox. Ultimately, the attack could lead to the compromise of an Active Directory domain. Administrators are encouraged to update to version 10.5 of Netwrix Auditor.
Many mobile applications are rushed to market with security vulnerabilities, if a recent study done for mobile security company Approov is correct. Half of 302 security managers and mobile app development professionals in the US and UK said their organization might ship apps with known insecurities. Two-fifths of respondents said their organization’s security processes for third-party and internal developers are weak and insufficient. Additionally, 60% of respondents said they had no visibility into runtime threats against mobile apps and APIs. Given the security risks, why developers are rushing into the mobile app market remains a mystery.
Application developers using open source packages on GitHub should seek out and trust those that are actively maintained. Those that are not may be related to malware. GitHub provides metadata on a package’s history, called commits. But a report from Checkmarx researchers warns that timestamps on commits can be easily manipulated because they are unverified. Therefore, a threat actor could post a package and appear to have been active for a long time. Additionally, the identity of the committer can be impersonated. The report urges developers to use GitHub’s Commit Signature Verification feature to sign their commits and help improve trust in package data.
Finally, LendingTree, a US online lending support platform, confirmed that the private information of 70,000 users was left open on the internet in February. The platform told cybersecurity news service The Record that a code vulnerability led to the exposure of data that included customers’ names, dates of birth, social security numbers and addresses. At the same time, LendingTree has denied claims that the loan application data of 200,000 people sold on the dark web came from its platform.
Remember that links to podcast story details are in the text version on ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.