Dish TV, U.S. Marshal’s Service hit with ransomware, and a U.S. official shoots security complaints against the IT industry.
Welcome to Cyber Security Today. It’s Wednesday, March 1st. 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Two big ransomware stories to tell you about:
American satellite TV provider Dish Network has acknowledged that a ransomware attack is behind network, website and call centre disruptions. It made the admission in a regulatory filing this week after realizing last Thursday it had been attacked. On Monday the company discovered data had been copied. As of the recording of this podcast Dish said the stolen data may include personal information. Many customers are still having trouble paying their bills, accessing their accounts and getting hold of service desks. It will take a little more time before things are fully restored, the company says. TV service isn’t affected.
The U.S. Marshal’s service, which hunts fugitives and protects American federal courthouses, was also hit with a ransomware attack last month. According to NBC News, the February 17th compromise affected an IT system with sensitive law enforcement information, including personally identifiable information about subjects of investigations. A source told NBC the incident didn’t involve the database of people in the federal witness protection program.
The top application vulnerabilities leveraged by hackers last year were holes discovered in 2021. That’s according to researchers at Tenable. OK, that includes Log4j2, which was discovered at the end of 2021 and not fully patched until 2022. However, the company’s annual Threat Landscape report issued this week also notes that threat actors continue to exploit unpatched vulnerabilities — especially in Microsoft Exchange — dating back to 2017. Number three on the list is a vulnerability in Microsoft’s Support Diagnostics tool. It was patched last June. Number four on the list is a hole affecting versions of Atlassian’s Confluence Server and Data Center.
Tenable’s advice: Patch known vulnerabilities in your environment first before fixing zero day exploits.
Attention IT hardware developers, including chipmakers and motherboard manufacturers: Two serious vulnerabilities have been found in the specification for creating Trusted Platform Modules. TPM modules encrypt certain operating system functions. An attacker who can access a TPM command interface can trigger these holes and get read-only access to sensitive data or overwrite normally protected data. There’s a security update available from the Trusted Computing Group for hardware and software companies.
Have you been hit by the MortalKombat strain of ransomware? If so, security firm Bitdefender has released a decryptor you can use to unscramble encrypted data. It is good for the current version of the malware.
Finally, breaches of security controls should be blamed on unsafe applications, not attackers, says the head of the U.S. Cybersecurity and Infrastructure Security Agency. In a speech this week to Carnegie Mellon University, Jen Easterly complained the burden of cybersecurity is placed too heavily on consumers and small organizations. Software and hardware companies wrongly accept that products are released with large numbers of defects, she said. She also urged developers to switch to safer programming languages like Rust, Go, Python and Java. There’s more detail and recommendations in her speech.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.