Cyber Security Today, March 12, 2021 – More on Exchange Server vulnerabilities, criminal groups blocked from using secure messaging service and warning about sex toys

More on Exchange Server vulnerabilities, criminal groups blocked from using secure messaging service and warning about sex toys.

Welcome to Cyber Security Today. It’s Friday, March 12. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

More troubling information is emerging after the discovery of four vulnerabilities in on-premise installations of Microsoft Exchange Server. A researcher at security vendor DomainTools notes suspicious activity was detected as far back as last October. Most public reports say exploitation of the vulnerabilities started early in January. This means the attackers could have been in Exchange Server environments much earlier than that. It also means that administrators of Exchange Server have to look further back for possible signs of compromise, like web shells and backdoors. Patching Exchange Server alone isn’t enough.

Researchers are also finding that more threat groups are taking advantage of the vulnerabilities. That’s because proof-of-concept exploits are circulating. If you have Exchange Server, don’t put off patching and searching for compromises.

There will be more on this later today during the Week In Review podcast, available after 3 p.m. Eastern.

Security teams with Linux systems should be on the lookout for signs of a backdoor installed on their desktop computers and servers, says a security firm called Intezer. The report doesn’t detail how victims were infected. Because of the sophistication of this malware, researchers suspect it was developed by a nation-state.

For knowledgeable professionals, the backdoor disguises itself as a PolicyKit daemon. Once installed, it automatically collects computer system information and sends it encrypted to a command server.

More on backdoors: Security vendor Bitdefender has discovered new versions of a backdoor used by a threat group called by researchers FIN8. This group focuses on financial gain from victims like insurance companies, retail chains, IT companies and chemical manufacturers.

There are several mitigations. In particular, retail firms should separate their point of sale networks from the networks used by employees or guests. Because backdoors are usually distributed through email, organizations should, as always, make sure their email systems automatically reject malicious or suspicious attachments.

The U.S. Justice Department has seized another criminal website offering to sell a drug for treating COVID-19. Its real purpose was to collect personal information from victims. It’s the fifth fraudulent COVID-19 website seized by American authorities.

Police in Belgium and the Netherlands have arrested several people after blocking the use by crime groups of the Sky ECC messaging service. The Europol police co-operative says authorities have been able to continuously monitor the service, which is supposed to be encrypted. The statement says the encryption was “unlocked” after some mobile phones were seized in Belgium. Sky ECC is operated from the U.S. and Canada, says Europol. This comes after French and Dutch authorities last July dismantled the EncroChat phone network used by criminals. Europol says many EncroChat users switched to Sky ECC after that. Sky ECC says its platform has not been hacked.

Finally, a warning about internet-connected sex toys. They can help pass the time between you and a partner. However, a report from security vendor ESET warns these wireless devices carry privacy risks. When the toy is enabled it will ask for access to personal information on your smartphone, particularly if you are using it in conjunction with chat, videoconferencing or remote control. It may also try to access your camera. Wi-Fi or Bluetooth signals could be intercepted. If the software isn’t secure it could be hacked. When buying anything that connects to the internet, make sure it’s from a reputable manufacturer you can count on to issue security patches.

Don’t forget this afternoon you can catch the Week In Review edition of the podcast, where I discuss some of this week’s news with a guest analyst. Topics today include the Microsoft Exchange hacks, International Women’s Day and the attack on video surveillance provider Verkada.

You can listen on your way home or on the weekend.

Links to details about these stories are in the text version of this podcast at ITWorldCanada.com.

Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
