Protect your routers from this attacker, new open-source malware packages found, and more.
Welcome to Cyber Security Today. It’s Friday, September 29th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A China-based threat actor is taking a roundabout way of hacking major companies. The group, dubbed BlackTech, is hacking the network routers of subsidiaries of major companies. Then it uses that access to pivot into the servers at the firm’s headquarters. That warning comes from American and Japanese government cyber agencies. BlackTech is also called Circuit Panda and Radio Panda by other security researchers. Apparently it hopes network appliances used at branch offices aren’t watched as carefully as edge devices closer to a firm’s head office. After compromising a branch router the attackers try to blend their traffic with regular corporate IT traffic. Among the routers compromised are those made by Cisco Systems. Network administrators are urged to closely monitor both inbound and outbound connections from IT network devices to both internal and external systems. They should also limit access to administration services of edge devices. And networks should only have devices with secure boot capabilities.
Threat actors continue to take advantage of the open-source NPM and PyPI code repositories. These are sites where developers drop open-source packages that anyone can use for their own applications. But as I’ve reported several times, hackers are planting their own code, hoping to sucker developers into downloading their malicious packages. Once the malware is on the developer’s computer it steals data from there — such as passwords and security keys — and does the same from the developers’ apps. The latest discovery comes from researchers at Phylum. They say a threat actor this month has been dropping a number of malicious packages into NPM and PyPI in a continuous campaign. Many of the pieces of code have complex obfuscation techniques to hide their real functions. For protection, developers have to scan and test any open-source code they download.
Here’s another of those ‘ooopsy’ incidents with generative artificial intelligence: Anyone can use Google’s Bard AI chatbot to ask questions. But those who do hope the questions and answers will be private. However, according to the news site Fast Company, until recently the text of conversations with Bard AI was indexed and could be found if anyone searched for information on the same topic. That’s because Bard AI has a feature: The ability to share a text conversation with those you choose. Unfortunately there wasn’t a control limiting the share feature to only those who started a Bard AI conversation. Google says it will plug that hole.
Here’s some data breach news: Community First Medical Centre of Chicago is notifying over 216,000 people that some of their personal information was stolen in a July cyber attack at the hospital.
More American corporate victims of the MOVEit file transfer hack are emerging. Among them are NorthEast Community Bank of White Plains, New York and Millyard Bank of New Hampshire. Both are notifying people that some of their personal information was stolen from outside companies with MOVEit servers that the banks used for information processing.
Finally, crooks continue making fake phone calls to people at home claiming to be from Windows. In one of the most recent ones the caller says they are from “Windows Security Department” and quickly asks you to write down and enter into your computer a new security or authorization key. This is a scam. No one from Windows or Microsoft knows your phone number. No one from a legitimate company will call and ask you to change settings on your computer, or call and ask permission to log into your computer, or call and tell you to download something to install on your computer.
Remember, later today the Week in Review podcast will be available. Guest David Shipley of Beauceron Security and I will talk about October Security Awareness Month, proposed Canadian artificial intelligence and privacy legislation, and ransomware.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.