The Russians are coming for these devices, how a games company was hacked and be careful with internet searches.
Welcome to Cyber Security Today. It’s Friday, April 16th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
IT leaders can have a hard time deciding which hardware and software to patch first. The U.S. government has made it easier. Yesterday it issued a list of the corporate devices Russia’s foreign intelligence service commonly tries to exploit because of unpatched vulnerabilities. The list has well-known devices made by Fortinet, Citrix, Pulse Secure and VMware, as well as the Zimbra Collaboration Suite. Patches for all have been available for months. Security updates for some of these were issued as far back as 2018. The most recent was last year. It’s hard to understand why organizations haven’t patched these by now.
The alert also includes this advice to IT leaders: Continuously hunt for signs of compromise and abuse of passwords, particularly in cloud environments.
The results of an investigation into the cause of a ransomware attack last year on Japanese game-maker Capcom are in, and it’s not pretty. The attackers got in by compromising an older virtual private network device in Capcom’s California office. It was being used as a backup while newer and different models for remote access were being installed. The attack spread to some computers at headquarters in Japan. Capcom was in the middle of installing improved defensive services and software that might have caught the attack. But the pandemic slowed down implementation. Personal data on about 15,000 individuals was stolen by the attackers. Because Capcom refused to pay a ransom, that data was publicly leaked. One lesson from this: If your IT department has decided some hardware or software is risky, get it updated fast.
No one uses the internet without searching for something. But Canadian managed service provider eSentire says cyber crooks are tricking employees into going to hacker-controlled websites. They do it by manipulating internet searches for certain business words. These include “invoice,” “receipt,” “template,” “questionnaire” and “resume.” Victims apparently are looking for business templates, perhaps so they can fill out their own invoices or resumes. The report says the gang behind this scheme has created hundreds of web pages with popular business terms in hopes that those pages will be among the top results of searches for those and similar words. But when people click on a button to download what are supposed to be templates or business documents, their computer gets infected with malware. One of the best defences against this is having good anti-malware software on your devices. Also, be sure the site you download from is trustworthy.
ParkMobile, an app that allows drivers in Canada and the U.S. to pay for parking through their smartphones, has admitted information about users has fallen into the hands of crooks. This comes after security reporter Brian Krebs was told this week by a security company called Gemini Advisory that someone is selling data on 21 million ParkMobile customers on a criminal cyber forum. On March 26th, ParkMobile put out a statement saying there had been a cybersecurity incident. At the time it said “no sensitive data or payment card information … was affected.” But after the Krebs story was published, it issued a new statement saying basic user information, including licence plate numbers and, if provided to the company, email addresses and phone numbers, was accessed by a hacker.
Finally, new versions of the Chrome and Edge browsers have been released. Make sure your browser is updated.
That’s it for now. Remember, later today the Week In Review edition of the podcast will be out. This week’s guest commentator is Dinah Davis of managed security provider Arctic Wolf, and we’ll be talking about best digital identity management practices.
Links to details about podcast stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.