At least 8 million Americans hit in the latest MOVEit hack, and more.
Welcome to Cyber Security Today. It’s Friday, July 28th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Another major data breach has been blamed on the compromise of Progress Software’s MOVEit file transfer application. Maximus Inc., a provider of IT services to governments in the U.S. said this week personal information on at least 8 million people was copied in the hack of its MOVEit server. That includes their names, social security numbers and protected health information. In a regulatory filing the company said it could cost US$15 million to investigate and remediate damage from the theft.
According to researchers at Emsisoft, 518 organizations around the world have been victimized this year by the exploitation of a vulnerability found by the Clop ransomware gang. Almost three quarters of those organizations are in the U.S.
On Wednesday’s podcast I told listeners about the cyber attack on 12 government departments in Norway. Now the attack vector has been revealed: A vulnerability in Ivanti’s Endpoint Manager Mobile. Some IT managers may know it as MobileIron Core. Cybersecurity authorities in the U.S. and Canada are urging IT administrators with servers running this application to have them patched as soon as possible.
Network administrators with MikroTik routers are urged to take mitigation action to prevent the exploitation of a vulnerability. Researchers at VulnCheck say administrators need to ensure there’s no internet access to the routers’ management interface. Second, there should be restrictions on which IP addresses device managers can log in from. Only access through SSH should be used for administration, and it should be used with public/private keys and not passwords. Finally, the latest version of MikroTik RouterOS should be installed.
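Translated into RouterOS CLI commands, the four mitigations look like this. This is an added illustration, not from the podcast or from MikroTik's documentation; the WAN/LAN interface-list names, the 192.168.88.0/24 management subnet, the "admin" user and the "admin.pub" key file are assumptions.

```routeros
# Added example (not from the podcast or MikroTik): RouterOS commands that
# implement the four mitigations listed above. Assumes the default interface
# lists "WAN" and "LAN", a management subnet of 192.168.88.0/24, an admin
# user named "admin", and a public key already uploaded to the router as
# "admin.pub". All of these values are assumptions.

# 1. No internet access to the management interface: drop management ports
#    arriving on WAN (placed at the top of the input chain so no earlier
#    accept rule lets them through), and disable services that are not needed.
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp \
    dst-port=21,22,23,80,443,8291,8728,8729 action=drop place-before=0 \
    comment="drop management traffic from the internet"
/ip service disable telnet,ftp,www,www-ssl,api,api-ssl,winbox

# 2. Restrict which addresses device managers may log in from, both on the
#    SSH service and on the user account itself.
/ip service set ssh address=192.168.88.0/24
/user set admin address=192.168.88.0/24

# 3. SSH only, with public/private keys rather than passwords.
/ip ssh set strong-crypto=yes always-allow-password-login=no
/user ssh-keys import public-key-file=admin.pub user=admin

# 4. Run the latest RouterOS.
/system package update check-for-updates
/system package update install

# Verify what still listens, from where, and which keys are installed.
/ip service print
/user ssh-keys print
```

Issue the firewall and service changes from a session on the LAN side so the change does not cut off the session issuing it, and confirm the SSH key login works from a second session before closing the first; `/ip service print` afterwards shows which services remain enabled and which source addresses they accept.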
NATO is investigating a report that a portal for sharing unclassified data among its 31 country members has been hacked. Researchers at India’s CloudSek say the SiegedSec group made the claim on the Telegram messaging platform. The leak allegedly consists of 845 MB of compressed data, some of which list names, job titles and home addresses of individuals, companies and business email IDs.
Developers who use the Apache Tomcat web application server need to lock it down firmly to prevent compromise. That’s the word from researchers at Aquasec, who note the Mirai botnet is taking advantage of weak server management passwords to break into the servers.
Finally, the Canadian Centre for Cyber Security has published a background paper on the AlphV/BlackCat ransomware gang. The alert that the gang is targeting Canadian industries has no specific details of firms in their crosshairs. Instead, the report’s purpose is to raise awareness that there have been recent attacks here, and to list the gang’s common tactics and techniques — and how to defend against them. One common tactic: Using email or text messages with links to phish for employee usernames and passwords. Having phishing-resistant multifactor authentication technologies is the best way to stop this.
That’s it for now, but later today the week in review will be available. My guest commentator this week is Jim Love, CIO of IT World Canada, who will discuss recent promises by artificial intelligence software companies like OpenAI to make their platforms less risky.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.