Patch this WordPress plugin hole fast, a data breach at a Discord provider and more.
Welcome to Cyber Security Today. It’s Monday, May 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Attackers have been quickly trying to exploit a new WordPress plugin vulnerability in the past 10 days. According to researchers at Akamai, the plugin is from a developer called Advanced Custom Fields. After word of the hole emerged early this month, exploitation attempts started within 24 hours. Why? Because attackers were able to copy and use some sample exploit code created by a security company and published in a public report. It’s vital WordPress administrators who use this plugin patch it fast.
The Discord messaging service is notifying some users of a data breach. It occurred after the account of a third-party support agent was compromised. According to Bleeping Computer, an unknown number of users have been told there was a recent “brief incident” when someone accessed the support ticket queue of Discord’s external customer service provider. As a result, users’ email addresses and content of their messages with that support provider may have been seen and copied.
Man-in-the-middle email attacks continue to increase. That’s according to researchers at Cofense. They’ve seen a 35 per cent increase in these kinds of attacks over the last 12 months — and the overwhelming majority of them are aimed at organizations using Office 365. In this kind of attack, a victim is sent an email with a link to what they think is a trusted web page. The page may be for a supposed software or network update, or it may impersonate a Microsoft login page. The goal is to steal the employee’s login credentials, including their multifactor authentication code. Then the attacker can sit in the middle of the victim’s email traffic to see — and influence — their communications. Employees should be reminded which online portals are approved for company use. They also need to be warned how to spot links in messages that take them to fake websites.
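The advice above (know which portals are approved, spot links that lead somewhere else) can be turned into an automated mail-gateway check. This is an added illustration, not code from Cofense or the podcast; the allowlisted portals, brand words and the sample message are all constructed.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of portals approved for company use (assumption: example domains only).
APPROVED_PORTALS = {"login.microsoftonline.com", "outlook.office.com", "intranet.example.com"}
# Brand words whose presence in a non-approved hostname suggests a lookalike login page.
BRAND_WORDS = ("microsoft", "office365", "o365", "outlook")

# Matches <a href="...">text</a> in a simple HTML body (constructed mail, not a full HTML parser).
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def hostname(url):
    """Lowercase hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""

def in_approved(host):
    """True if host is an approved portal or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in APPROVED_PORTALS)

def classify_link(href, text):
    """Reasons a link looks like a credential-phishing lure; empty list means nothing suspicious."""
    host = hostname(href)
    if not host:
        return ["unparseable href"]
    if in_approved(host):
        return []
    reasons = []
    # Anchor text that is itself a URL for a different host than the real destination.
    text_host = hostname(text.strip()) if "://" in text else ""
    if text_host and text_host != host:
        reasons.append(f"anchor text shows {text_host} but link goes to {host}")
    if any(w in host for w in BRAND_WORDS):
        reasons.append(f"brand word in non-approved host {host}")
    if urlparse(href).scheme != "https":
        reasons.append("not https")
    return reasons or [f"link to non-approved portal {host}"]

def scan_email(html):
    """Return [(href, reasons)] for every link in the body that is not on the allowlist."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        reasons = classify_link(href, re.sub(r"<[^>]+>", "", text))
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample lure of the kind described above (all domains fictitious).
SAMPLE = """<p>Your mailbox needs a security update.</p>
<a href="http://microsoft-login-verify.example.net/auth">https://login.microsoftonline.com</a>
<a href="https://intranet.example.com/it-news">IT news</a>"""
```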
All application developers that use GitHub can now take advantage of the platform’s push protection security feature. This comes after an extensive test period. Push protection helps prevent developers from inadvertently including secrets such as passwords and access tokens in code before final release. Anyone using GitHub in a public repository gets access to the push protection code scanner for free. Those with private repositories have to pay US$21 a month for a GitHub Advanced Security licence. One commentator with the SANS Institute says adding this mitigation to your tools is a no-brainer.
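To show what a push-time secret check does, here is an added example (not GitHub’s implementation) that scans only the lines a push would add and blocks the push when a token-shaped string or a high-entropy secret assignment appears. The token prefixes are the documented GitHub ones; the sample diff and its values are constructed.

```python
import math
import re

# Constructed patterns: GitHub's documented token prefixes and the familiar AWS access-key shape.
TOKEN_PATTERNS = {
    "github token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# A secret-looking variable assigned a long string literal.
ASSIGN_RE = re.compile(r"(?i)(password|passwd|secret|token|api_key)\s*[:=]\s*['\"]([^'\"]{16,})['\"]")

def shannon_entropy(s):
    """Bits per character; random tokens score well above ordinary words."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_added_lines(diff_text, entropy_threshold=3.5):
    """Check only '+' lines of a unified diff; return [(new_file_line_no, kind, match)]."""
    findings, line_no = [], 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):  # hunk header: @@ -a,b +c,d @@ -> new-file numbering starts at c
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith(("---", "+++")) or raw.startswith("-"):
            continue  # file headers and removed lines never enter the repository
        line_no += 1  # context and added lines both advance the new-file line number
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        for kind, pat in TOKEN_PATTERNS.items():
            findings += [(line_no, kind, m.group(0)) for m in pat.finditer(line)]
        for m in ASSIGN_RE.finditer(line):
            if shannon_entropy(m.group(2)) >= entropy_threshold:
                findings.append((line_no, f"high-entropy {m.group(1).lower()}", m.group(2)))
    return findings

def push_allowed(diff_text):
    """Push-protection decision: block when any finding exists."""
    return not scan_added_lines(diff_text)

# Constructed diff; the token value is a placeholder shaped like a real one, not a real credential.
SAMPLE_DIFF = """diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,4 @@
 import os
-GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"  # constructed placeholder
+DB_PASSWORD = "Xq7$kL9!mZ2@pR4&vT8wB3nC5dF1gH6j"
+LABEL = "development build"
"""
```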
Attention IT administrators and individuals: If you have motherboards, graphic cards, computers and other hardware made by MSI be careful with any firmware updates. The warning came last week from the Dutch National Cyber Security Centre. As I reported in April, MSI was hit by a ransomware gang. The cyber centre now reports that private keys used to digitally sign firmware for motherboards have been leaked by that gang. In addition, private keys used by Intel Boot Guard for MSI motherboards have also been leaked. Both mean an attacker could issue compromised but legitimately-signed updates for MSI motherboards. Make sure any firmware updates for MSI systems come from approved sources.
Some firms underplay the risks a cyber incident will have on their public reputation. A recent survey is a reminder that’s a bad strategy. The survey of 1,000 Americans for Telesign, a customer identity solutions provider, found 43 per cent of data breach victims said they stopped associating with the hacked brands. Almost a half of data breach victims told friends and family not to associate with the brand.
In March I reported that an Australian company called Latitude Financial admitted data on 14 million Australian and New Zealand customers was copied by crooks. Last week the privacy commissioners of Australia and New Zealand announced a joint investigation into what happened and why. The investigation will ask whether Latitude took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorized access, modification or disclosure. The Australian Privacy Commissioner can ask for civil penalties through the Federal Court of up to $50 million for each contravention of the law.
The city of Dallas, Texas continues to make progress on recovering from a ransomware attack. There is no indication data from residents, vendors or employees has been leaked, the city said in its most recent update. Dallas Water Utilities payment systems and meter reading software are back online. Development Services is now accepting electronic plan submissions, processing payments, and issuing permits. There is no estimate on how much it will cost the city to restore services, or whether any data was unrecoverable after the attack.
Speaking of ransomware, last week a publication called CFO Dive, for chief financial officers, quoted insurance broker Marsh saying its U.S. customers filed 55 ransomware claims in the first quarter. That was a 77 per cent increase over the number of claims filed in December. Reliance, a cyber insurance provider, saw its ransomware claims go up in the first quarter as well. This is consistent with figures showing the number of successful ransomware attacks was up in the first quarter.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.