Cyber Security Today, Sept. 29, 2021 – A new ransomware gang pops up, another open database found, Nobelium has a new hacking tool and more

A new ransomware gang pops up, another open database found, Nobelium has a new hacking tool and more.

Welcome to Cyber Security Today. It’s Wednesday September 29th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

A new ransomware strain has been discovered. Given the nickname Colossus by researchers at ZeroFox, the threat actor claim it has already victimized an American firm that owns several car dealerships. The attacker is threatening to make public 200 GB of stolen data unless the company pays $400,000. That ransom will go up the longer the company waits.

As always the best ways to defend against ransomware – and any cyber attack – include making sure corporate antivirus and intrusion detection software are up to date, enabling multifactor authentication for all employees and contractors, restricting access to sensitive data to only those who need it, and segmenting network resources so ransomware can’t spread across different systems.

Another person has apparently been careless with a corporate database. This time the company involved runs the children’s book website called FarFaria. Security researcher Bob Diachenko at Comparitch discovered an open database belonging to the site with information on almost three million users such as their email addresses, login authentication tokens and other data. When Diachenko alerted the company access to the database was restricted. Often the fault of such incidents is a user not properly configuring the database for security.

Attention administrators of the on-premise version Microsoft Exchange email server: Microsoft has added a new feature in the September cumulative update to help improve security. Called the Emergency Mitigation service, it automatically applies mitigations to Exchange created by Microsoft. Mitigations are temporary fixes for issues until a security update can be installed. While the Emergency Mitigation service is installed automatically with the September cumulative update, it can be turned off if the admin prefers to use the identical but cloud-based Exchange On-premises Mitigation Tool.

Microsoft has also discovered that the threat actor behind the SolarWinds attack that it calls Nobelium has a new tool in its arsenal. It’s another backdoor into IT systems. Its goal is to steal the configuration database of a compromised Active Directory Federation Services server. The directory would have all of the usernames and passwords of employees. It’s vital that Windows administrators audit their on-premise and cloud infrastructure to make sure they haven’t been compromised. There’s a link to the detailed report here.

Another report this week again warns software developers of the dangers of writing unsafe applications. Palo Alto Networks says when it was hired to test a large, unnamed software-as-a-service provider it found lots of misconfigurations. In fact it took only one researcher three days to find critical software development flaws that could have led to a successful cyber attack. The lesson is cloud applications can be just as vulnerable as on-premise software to what are called supply chain attacks that insert bad code or flaws. These problems can range from using flawed frameworks to bad open-source code. DevOps and security teams must gain visibility into the bill of materials in every cloud workload before final code is approved, says the report.

Finally, last week I reported that a Canadian-based voice over IP phone provider had been badly hit by a distributed denial of service attack. This week’s victim is a U.S.-based VoIP and messaging provider called Bandwidth.com. Its service is used by other VoIP providers. By Tuesday Bandwidth.com said it had mitigated much of the attack. But hackers appear to have realized that VoIP providers, as well as internet providers, are vulnerable to DDoS attacks.

That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today