A new way of compromising the PyPI repository is found, a warning for MOVEit file transfer users, and more.
Welcome to Cyber Security Today. It’s Friday, June 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A new way threat actors can put malware in the repository of open-source Python projects has been discovered. Researchers at ReversingLabs found a package on PyPI that used compiled Python code to evade detection by security software. It takes advantage of the fact that Python byte code files can be directly executed. The malicious file hidden in the package can download commands from a remote server when installed on a victim’s computer. The researchers believe some developers were suckered into installing this package before the Python Package Index removed it on April 17th. This discovery is another reason why developers have to be careful of every piece of open-source code they download.
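As an added illustration (not part of the podcast and not ReversingLabs' tooling), here is one check a developer could run on a downloaded wheel before installing it: list any compiled `.pyc` files that ship without the matching `.py` source. The package and file names in the sample archive are constructed, and treating source-less bytecode as worth a manual look is this example's assumption, not a rule stated in the report.

```python
import io
import zipfile
from pathlib import PurePosixPath


def source_for(pyc_path: str) -> str:
    """Return the .py path a bytecode file would have been compiled from."""
    p = PurePosixPath(pyc_path)
    if p.parent.name == "__pycache__":
        # PEP 3147 layout: pkg/__pycache__/mod.cpython-311.pyc -> pkg/mod.py
        module = p.name.split(".")[0]
        return str(p.parent.parent / f"{module}.py")
    # Legacy layout: pkg/mod.pyc sits beside pkg/mod.py
    return str(p.with_suffix(".py"))


def find_orphan_pyc(names):
    """List .pyc members that have no matching .py source in the same archive."""
    present = set(names)
    return sorted(
        n for n in names
        if n.endswith(".pyc") and source_for(n) not in present
    )


def scan_archive(data: bytes):
    """Scan a wheel/zip held in memory without extracting or importing it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_orphan_pyc(zf.namelist())


def build_sample_wheel() -> bytes:
    """Constructed sample archive; every name and byte in it is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "from . import helper\n")
        zf.writestr("demo_pkg/helper.py", "VALUE = 1\n")
        zf.writestr("demo_pkg/__pycache__/helper.cpython-311.pyc", b"\x00")
        zf.writestr("demo_pkg/loader.pyc", b"\x00")  # bytecode only, no loader.py
    return buf.getvalue()


if __name__ == "__main__":
    for name in scan_archive(build_sample_wheel()):
        print("bytecode without source:", name)
```

The scan only reads member names, so nothing from the archive is executed.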
Threat actors have found another file transfer utility to target. The application is called MOVEit, made by Progress Software. Progress warned Thursday it has discovered an SQL vulnerability in MOVEit Transfer that could lead to unauthorized access to the application’s environment and the data it holds. Progress says administrators should immediately modify firewall rules to deny HTTP and HTTPS traffic to MOVEit Transfer until the company releases a patch. MOVEit is a cloud or on-premises solution. In the past two and a half years hackers have exploited holes in file transfer applications including GoAnywhere MFT, IBM’s Aspera Faspex and Accellion FTA.
On my April 21st podcast I told you an American healthcare insurer called Point32Health had reported a ransomware attack. It affected two of the company’s plans: Harvard Pilgrim Health Care commercial and Medicare Advantage Stride. Well, last week Harvard Pilgrim Health Care reported the attack affected more than 2.5 million people. Data copied included insured people’s names, dates of birth, Social Security numbers and medical information.
Texas-based commercial real estate firm Moody National has notified the state of California it suffered a ransomware attack last December. Letters are now being sent to an unknown number of people notifying them that their personal data may have been copied by the attackers.
Attention Mac users and administrators: Make sure the May 18th macOS security updates have been installed. One fixes a vulnerability that could allow an attacker to bypass System Integrity Protection, also called SIP. It protects files and directories from being overwritten. Microsoft discovered the vulnerability and notified Apple. Now that the patch has been out for two weeks, Microsoft has issued a detailed report.
Researchers at Cisco Systems have taken apart commercial spyware sold by a company called Intellexa that is aimed at smartphones. Spyware takes advantage of zero-day vulnerabilities found before they can be patched. Even so, smartphone users have to make sure their devices have the latest operating system security updates installed. If you have a sensitive job and think you could be a target, add an anti-malware solution.
Finally, Amazon would have to pay a US$25 million penalty and stop misrepresenting its privacy policies for the Alexa voice assistant under a proposed deal announced this week. This is to settle allegations Amazon violated a U.S. child online privacy law. The Federal Trade Commission alleges Amazon prevented parents from exercising their data deletion rights. It is alleged Amazon assured parents they could delete Alexa voice recordings. Instead Amazon allegedly kept sensitive voice and geolocation data for years and used it to train Alexa algorithms. Under the proposed deal Amazon would have to overhaul its data deletion and privacy safeguard rules.
That’s it for now. However, later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss a privacy commissioner’s report into the ransomware attack on Newfoundland’s healthcare system, and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.