Canadian and U.S. wireless carriers update their Android utilities, a jump seen in Clop ransomware victims, and more.
Welcome to Cyber Security Today. It’s Monday, May 30th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It’s Memorial Day in the U.S. If you’re listening, thanks for tuning in.
Users of Android smartphones from some of the biggest carriers in North America are being urged to update their devices as soon as possible. This includes cellular subscribers to Bell, Rogers, Telus and Freedom Mobile in Canada, and AT&T in the U.S. It’s because of vulnerabilities that were found in pre-installed utilities these and other carriers around the world put in their phones. The utilities are meant to help diagnose and fix problems. But researchers at Microsoft found that a framework from an Israeli company, which the utilities used, could be leveraged by an attacker to access the phone’s audio, camera, power and storage controls. The framework has been fixed and carriers have already updated their apps in the Google Play store. If you regularly go into Play Store for the latest versions of your apps — and you should once a week — then you likely have this fixed. Still, it doesn’t hurt to check.
A reported leap in the number of victims hit with the Clop strain of ransomware last month has security analysts puzzled. Researchers at the NCC Group say Clop added 21 alleged victims on its data leak site in April. That was up from just one in all of March. The increase suggests Clop has returned to action, researchers say. Just over a year ago Ukrainian police arrested six alleged members of the gang. In addition to spreading ransomware, Clop operatives have also been known to steal data and extort victims without encrypting data. The most common strain of ransomware seen in April was Lockbit, followed by Conti.
The FBI is warning U.S. college and university IT departments to toughen their user login and authentication procedures. While the alert is aimed at American institutions, it is just as valid for higher-education institutions in any country. The warning comes because threat actors continue to target colleges and universities. One tactic is to clone an institution’s login page to scoop up usernames and passwords of those who fall for the copy. Another is embedding links to the phony site in phishing emails to students and faculty. The alert notes that as recently as January, Russian cybercriminal forums were offering for sale or giving away for free passwords and VPN access to many American higher-education institutions. IT departments are urged to require users to enroll in multi-factor authentication as an extra step to protect all logins. IT departments should also keep all software patched with the latest security updates.
In April it was reported that a hacker had made off with user tokens issued to two third-party app integrators, Heroku and Travis CI, leading to the compromise of some open source projects. In a blog post on Friday, GitHub gave an update on the impact of those thefts. The attacker was able to copy an older backup archive of GitHub’s NPM open-source library that included usernames, password hashes and email addresses of some 100,000 NPM users. GitHub is confident the hacker hasn’t yet modified any published packages in the registry, or published any new versions to existing packages. The attacker did it by getting into a set of private NPM repositories and accessing the Amazon AWS infrastructure of NPM. That allowed the attacker to access the backup. As a result GitHub has reset the passwords of those who could access database backups. It is also notifying two organizations that had private packages exposed by the theft.
Finally, a New York man was sentenced last week by a U.S. judge to four years in prison for his role in the Infraud cybercriminal organization. He pleaded guilty to racketeering in the purchase and use of compromised credit cards. He is the 14th Infraud member to be put behind bars. Others have been hit with prison terms of up to 10 years.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks