Cyber Security Today, August 21, 2023 – The latest ransomware news, and security patches issued by Cisco, Juniper and Jenkins

The latest ransomware news, and security patches issued by Cisco, Juniper and Jenkins.

Welcome to Cyber Security Today. It’s Monday, August 21st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

 

The Black Basta ransomware gang is getting nasty. It has started posting sensitive personal information from data it stole earlier this year from the Raleigh, North Carolina Housing Authority. According to the cybersecurity news site The Record, the data includes the Social Security cards of people associated with the authority. Several American housing authorities have recently been hit by ransomware.

Ransomware gangs claimed at least 1,500 victim organizations worldwide in the first half of this year. That’s according to an analysis of successful cyber attacks for the first six months by researchers at Rapid7. The thing is, the report emphasizes, ransomware and other attacks can be prevented. Many of the ways attackers initially compromise IT networks are common: By brute-forcing credentials or by credential stuffing attacks on internet-exposed systems like VPNs and virtual desktops that weren’t protected by multi-factor authentication. Thirty-nine per cent of attacks in the first half of the year that were studied came under this type of remote access category. Twenty-seven per cent of initial compromises were caused by exploiting vulnerabilities. Thirteen per cent were due to staff falling for phishing lures.

How much does a ransomware attack cost a city? In the case of the city of Dallas, Texas, US$8.6 million. That’s the cost city council approved last week to pay for things needed for recovery after a ransomware attack in May. That includes purchases of hardware, software, network monitoring services and consultants. That US$8.6 million doesn’t include the extra hours municipal IT staff had to work in responding to the crisis and the costs of IT systems that had to be temporarily taken offline. The personal data of more than 26,000 people was compromised.

Attention IT administrators whose organization uses the Zimbra Collaboration suite. Researchers at ESET have discovered a phishing campaign trying to steal the login credentials of Zimbra users. Victims asked to click on a link because of an upcoming email server update get taken to a fake login page. So far targets are in Italy, Ecuador and Poland.

Attention administrators with the Jenkins automation server on their networks: The developer has issued patches to close vulnerabilities in nine plug-ins for by the servers. These include the Folders, Config File Provider, NodeJS, Blue Ocean plugins. Note that there are currently no fixes for bugs in four other plug-ins. These may need mitigations.

Attention administrators with Cisco Systems products in their environments: The company issued patches last week to close 19 vulnerabilities in a wide range of products. These include Unification Communications Manager, Unified Contact Centre, Umbrella Virtual Appliance, Thousand Eyes Enterprise Agent Virtual Appliance, Identity Services Engine and others. Make sure these updates are applied.

Attention administrators with Juniper Networks devices on their networks: An out-of-band security update has been released for the Junos OS operating system. It fixes four critical vulnerabilities. By chaining them an attacker could do nasty things. Apply this update fast.

Attention anyone who uses the WinRAR file archiving utility: The developer, RARLAB, has issued an update to close a vulnerability. Unless the update is installed a remote attacker could execute arbitrary code.

Finally, more American regulators are pressuring critical infrastructure providers to disclose breaches of security controls faster. The National Credit Union Administration said last week that starting September 1st all federally insured credit unions have to notify it of a reportable cyber incident within 72 hours. A reportable incident is one that jeopardizes or is about to jeopardize the integrity of data. Meanwhile, unless the Securities and Exchange Commission changes its mind, starting September 4th publicly-traded companies in the U.S. overseen by the SEC will have to disclose material cybersecurity incidents within four business days.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.