A new ransomware gang pops up, another open database is discovered, Nobelium has a new hacking tool and more.
Welcome to Cyber Security Today. It’s Wednesday September twenty ninth. I’m Howard Solomon, contributing author on cybersecurity for ITWorldCanada.com.
A new ransomware strain has been found. Nicknamed Colossus by researchers at ZeroFox, the threat actor claims it has already victimized an American firm that owns several automotive dealerships. The attacker is threatening to publish 200 GB of stolen data unless the company pays $400,000. That ransom will go up the longer the company waits.
As always, the best ways to defend against ransomware, and any cyberattack, include making sure corporate antivirus and intrusion detection software are up to date, enabling multifactor authentication for all employees and contractors, limiting access to sensitive data to only those who need it, and segmenting network assets so ransomware can't spread across different systems.
Another person has apparently been careless with a corporate database. This time the company involved runs the children's e-book website FarFaria. Security researcher Bob Diachenko at Comparitech found an open database belonging to the site with records on almost three million users, including their email addresses, login authentication tokens and other data. When Diachenko alerted the company, access to the database was restricted. Exposed authentication tokens are a particular concern: until they are revoked, anyone who copied the database can use them to log in as those users without knowing their passwords. Often the cause of such incidents is someone not properly configuring the database's security.
Attention administrators of the on-premises version of the Microsoft Exchange email server: Microsoft has added a new feature in the September cumulative update to help improve security. Called the Emergency Mitigation service, it automatically applies mitigations to Exchange that are created by Microsoft. Mitigations are temporary fixes for issues until a security update can be installed, so they reduce exposure but do not replace patching. While the Emergency Mitigation service is installed automatically with the September cumulative update, it can be turned off if the admin prefers to use the similar, but cloud-based, Exchange On-premises Mitigation Tool.
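As an added example, not part of the podcast or Microsoft's documentation, here is how an Exchange administrator can check whether the Emergency Mitigation service is enabled and what it has applied. It assumes an Exchange 2016 or 2019 server running the September 2021 cumulative update, run from the Exchange Management Shell; the server name is taken from the local machine and should be adjusted for your environment.

```powershell
# Added example (not from the podcast or Microsoft). Run in the Exchange
# Management Shell on a server that has the September 2021 CU installed.
# Assumption: the server to inspect is the local machine.
$server = $env:COMPUTERNAME

# Organization-wide switch for the Emergency Mitigation (EM) service.
Get-OrganizationConfig | Format-List MitigationsEnabled

# Per-server switch plus the mitigations currently applied or blocked.
Get-ExchangeServer -Identity $server |
    Format-List Name, MitigationsEnabled, MitigationsApplied, MitigationsBlocked

# The EM service itself runs as a Windows service; confirm it is running.
Get-Service -Name MSExchangeMitigation |
    Format-List Name, Status, StartType

# To opt a single server out (for example because you run the
# Exchange On-premises Mitigation Tool yourself), uncomment the next line.
# Set-ExchangeServer -Identity $server -MitigationsEnabled $false
```

The EM service needs outbound HTTPS to Microsoft's Office CDN to fetch mitigations; if MitigationsApplied stays empty after a published mitigation, check that egress first before assuming the service is off.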
Microsoft has also found that the threat actor behind the SolarWinds attack, which it calls Nobelium, has a new tool in its arsenal. It's another backdoor into IT systems. Its purpose is to steal the configuration database of a compromised Active Directory Federation Services server. That database does not hold employees' passwords, but it does hold the token-signing and token-decryption certificates, which let an attacker forge valid sign-in tokens for any user. It's vital that Windows administrators audit their on-premises and cloud infrastructure to make sure they haven't been compromised. There's a link to the detailed report here.
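Two quick checks an administrator can run on an AD FS server as part of such an audit, added here as an example and not taken from the podcast or from Microsoft's report: list the token-signing and token-decryption certificates so any you did not issue stand out, and verify that every DLL in the AD FS directory carries a valid Microsoft signature. It assumes the default install path C:\Windows\ADFS and an elevated session on the AD FS server.

```powershell
# Added example (not from the podcast or Microsoft's report). Run elevated on
# the AD FS server. Assumption: default install path C:\Windows\ADFS.
Import-Module ADFS

# 1. Token-signing / token-decrypting certificates. Anything not issued by you,
#    or with an unexpected subject, thumbprint or lifetime, warrants a closer look.
Get-AdfsCertificate |
    Select-Object CertificateType, IsPrimary, Thumbprint,
        @{ Name = 'Subject';  Expression = { $_.Certificate.Subject } },
        @{ Name = 'NotAfter'; Expression = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize

# 2. Code signatures of DLLs in the AD FS directory. Report anything that is
#    unsigned, has a broken signature, or is signed by someone other than Microsoft.
$adfsPath = 'C:\Windows\ADFS'
Get-ChildItem -Path $adfsPath -Filter *.dll -Recurse |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    } |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notlike '*Microsoft*' } |
    Format-Table -AutoSize
```

A hit in the second list is not proof of compromise on its own; compare the file's hash and timestamps against a known-good server and the installed update level before acting, and treat an unexpected token-signing certificate as a reason to rotate both certificates.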
Another report this week again warns software developers of the dangers of writing unsafe applications. Palo Alto Networks says that when it was hired to test a large, unnamed software-as-a-service provider it found a number of misconfigurations. In fact, it took just one researcher three days to find critical software development flaws that could have led to a successful cyberattack. The lesson is that cloud applications can be just as vulnerable as on-premises software to what are called supply chain attacks, which insert bad code or flaws. These problems can range from using flawed frameworks to bad open-source code. DevOps and security teams must gain visibility into the bill of materials in every cloud workload before final code is accepted, says the report.
Finally, last week I reported that a Canadian-based voice over IP phone provider had been badly hit by a distributed denial of service attack. This week's victim is a U.S.-based VoIP and messaging provider called Bandwidth.com. Its service is used by other VoIP providers. By Tuesday, Bandwidth.com said it had mitigated most of the attack. But hackers appear to have realized that VoIP providers, as well as internet providers, are vulnerable to DDoS attacks.
That's it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That's where you'll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.