Ransomware training from Ryerson, Aruba Central is compromised, a new botnet is discovered and more.
Welcome to Cyber Security Today. It’s Friday, November 12th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Is your firm having trouble with its ransomware strategy? Ryerson University’s Cybersecure Catalyst is offering virtual and in-person training for IT leaders and senior managers of Canadian organizations. The fee-based workshop for business leaders has four 90-minute sessions to help managers assess their incident response capabilities. For IT teams there’s a half-day simulated ransomware attack to test their incident response skills. Here’s a link to the details.
Another network monitoring platform has been compromised. HPE is warning network administrators that use its cloud-based Aruba Central network monitoring service that an attacker was able to get hold of a data access key last month. Accessed was data on some Wi-Fi network behaviour, performance and location information on most customers going back to September 10th. This is data HPE collects for analytics. The data also includes device MAC and IP addresses, both of which could identify a user. So far HPE believes a “very small amount,” if any, of the data was copied.
A new botnet is targeting routers and IoT devices to distribute malware. Researchers at AT&T call it BotenaGo, in part because it’s written in the Go programming language. Currently it comes ready to exploit more than 30 unpatched vulnerabilities in devices from manufacturers including D-Link, Netgear, Linksys, Comtrend, ZyXEL and others. Then it can burrow deeper into infected systems. Businesses and individuals alike can stop attacks like this by making sure all software and hardware have the latest security patches. If your routers and other hardware are old and the manufacturer doesn’t offer patches anymore, they have to be replaced.
Attention IT administrators: If your firm uses VMware’s vCenter Server or Cloud Foundation, note the advisory that VMware put out yesterday. There’s a privilege escalation vulnerability that has to be addressed. So far only a workaround is available.
Attention WordPress administrators: If you use the Pro version of the WP Reset plugin make sure you’re running the latest version. Researchers at PatchStack discovered a vulnerability that could allow an authenticated user to wipe an entire WordPress database. In addition the attacker could upload a malicious plugin or backdoor in a new WordPress installation that follows the deletion of the database.
And users of Apple’s iCloud for Windows version 13 should note there’s a new security update available to close a serious hole.
Open-source software development teams that use Google’s OSS-Fuzz program to uncover security coding errors have a new aid. It’s called ClusterFuzzLite, and it’s also from Google. It works with OSS-Fuzz to catch regression bugs early in the development process. For those who don’t know, fuzz testing — or fuzzing — inserts random data into an application to see if the software crashes or does dangerous things. Developers using the GitHub platform can integrate ClusterFuzzLite into their workflow. And it’s free.
Finally, later today the Week in Review edition will be out. A guest commentator and I will talk about protecting against lateral movement in cyberattacks, preventing customer support employees from being fooled and zero-day threats.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.