The latest ransomware news, and security patches released by Cisco, Juniper and Jenkins.

Welcome to Cyber Security Today. It’s Monday, August 21st, 2023. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The Black Basta malware gang is getting nasty. It has started posting private personal information from data it stole earlier this year from the Raleigh, North Carolina Housing Authority. According to the cybersecurity news site The Record, the data includes the Social Security cards of people connected with the authority. Several American housing officials have recently been hit by ransomware.

Ransomware gangs claimed at least 1,500 victim groups worldwide in the first half of this year. That’s according to a study of successful cyber attacks for the first six months by researchers at Rapid7. The thing is, the report stresses, ransomware and other attacks can be prevented. Many of the ways criminals initially compromise IT networks are common: by brute-forcing credentials or by credential stuffing attacks on internet-exposed systems like VPNs and virtual computers that weren’t protected by multi-factor authentication. Thirty-nine per cent of the attacks studied in the first half of the year fell into this remote access category. Twenty-seven per cent of original compromises were caused by exploiting vulnerabilities. Thirteen per cent were due to staff falling for phishing scams.

How much does a ransomware attack cost a city? In the case of the city of Dallas, Texas, US$8.6 million. That’s the cost city council passed last week to pay for things needed for recovery after a ransomware attack in May. That includes purchases of hardware, software, network monitoring services and experts. That US$8.6 million doesn’t include the extra hours municipal IT staff had to work in responding to the crisis and the costs of IT systems that had to be briefly taken offline. The personal info of more than 26,000 people was compromised.

Attention IT administrators whose company uses the Zimbra Collaboration suite. Researchers at ESET have found a phishing campaign trying to steal the login credentials of Zimbra users. Victims are asked to click on a link because of an upcoming email server update and are taken to a fake login page. So far targets are in Italy, Ecuador and Poland.

Attention managers with the Jenkins automation server on their networks: The developer has released patches to close vulnerabilities in nine plug-ins for the server. These include the Folders, Config File Provider, NodeJS and Blue Ocean plug-ins. Note that there are currently no fixes for bugs in four other plug-ins. These may need mitigations.

Attention administrators with Cisco Systems products in their environments: The company released patches last week to close 19 vulnerabilities in a wide range of products. These include Unified Communications Manager, Unified Contact Centre, Umbrella Virtual Appliance, ThousandEyes Enterprise Agent Virtual Appliance, Identity Services Engine and others. Make sure these patches are applied.

Attention managers with Juniper Networks devices on their networks: An out-of-band security update has been made for the Junos OS operating system. It fixes four major vulnerabilities. By chaining them an attacker could do nasty things. Apply this fix fast.

Attention anyone who uses the WinRAR file archiving utility: The developer, RARLAB, has released an update to close a vulnerability. Unless the update is installed, a remote attacker could run arbitrary code.

Finally, more American regulators are pressuring key infrastructure providers to disclose breaches of security controls faster. The National Credit Union Administration said last week that starting September 1st all federally insured credit unions have to tell it of a reportable cyber incident within 72 hours. A reportable event is one that jeopardizes or is about to jeopardize the integrity of data. Meanwhile, unless the Securities and Exchange Commission changes its mind, beginning September 4th publicly-traded companies in the U.S. overseen by the SEC will have to report material cybersecurity events within four business days.
