A vulnerability in millions of computers, a lesson from a ransomware attack, a Cisco software fix and trouble in Vermont
Welcome to Cyber Security Today. It’s Friday July 31st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Corporate IT administrators and consumers always need to install software updates as soon as possible. This is even more important after a cybersecurity company called Eclypsium warned this week of a serious problem in the Windows and Linux operating systems. It’s in the secure startup, or boot, section of the operating systems that’s supposed to ensure the sensitive parts of Windows and Linux can’t be tampered with. However, this vulnerability interferes with that and could allow an attacker to install malware giving them near-total control over devices. And it’s not only desktop computers and servers that are at risk. So are industrial and healthcare equipment that use Linux. Very shortly, big tech companies including Microsoft, distributors of Linux like Red Hat, Canonical, SuSE and Debian, as well as many software companies, will be releasing updates. Now that news of this bug is public, expect hackers to try to take advantage. So watching for and installing updates is important. Here’s a link to the detailed report.
More about security fixes: Cisco Systems says a critical vulnerability exists in its Data Centre Network Manager. This is key management software for all of the Cisco Nexus data centre servers. If the vulnerability is exploited, an attacker could bypass authentication to the software and do nasty things. Cisco has released a software update.
The ZDNet news service has an interesting story about a ransomware attack on an unnamed food and drink manufacturer. It offers a number of lessons to organizations. An employee — likely in the accounting department — was targeted with a phishing email that included an invoice as an attachment. The staffer clicked on the infected attachment, which led to the downloading of malware. That malware copied login credentials for a number of servers, so the hackers were able to get into about 60 per cent of the company’s systems. But the firm’s cybersecurity team noticed something suspicious, so the hackers installed the ransomware rather than wait to infect the rest of the company. How did the malware initially spread? Because some staff were using older computers whose software hadn’t been patched. Fortunately, the company was crippled for only two days. But that would have killed some firms. The incident is another lesson in the importance of inventorying and patching systems as soon as possible.
Finally, the state of Vermont says personal data of people who filed property transfer tax returns online for the past three and a half years could have been copied after the state discovered a security issue. The verification credentials used for electronic filing were left open in public municipal records, so anyone could have accessed previously filed tax returns. What a snooper or a crook could have seen was information including people’s Social Security numbers. That, of course, could be used for impersonation and making fake ID. Now, municipal records can’t be used to call up previously submitted property transfer tax returns. While the state believes the risk of unauthorized access before this was fixed is low, it urges people to watch their bank and payment card records and to monitor their credit rating.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.