Cyber Security Today, Oct. 13, 2023 – A ransomware gang offers cash for employees to betray their firms

A ransomware gang offers cash for employees to betray their firms.

Welcome to Cyber Security Today. It’s Friday, October 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

The Everest ransomware group is again trying to lure employees to help it compromise their firm in exchange for cash. The Register reports that in a new post on its dark web victim blog the gang promises a “good percentage” of any profits it gets from a successful attack to employees that hand over their access for infiltration. In particular they’re looking for greedy people in the U.S. Canada and Europe. It isn’t clear if the gang is adding to its toolkit by selling the access it gets to other gangs or it wants to use the access to spread its ransomware.

A Western U.S. housing authority has allegedly been compromised by a ransomware gang. The NoEscape group lists the authority on its site, says a news story on Databreaches.net. The claim has not been verified.

Two weeks ago Progress Software urged administrators overseeing its WS_FTP file transfer software to patch the application fast to close a vulnerability. Yesterday researchers at Sophos Group said those that haven’t patched will be in trouble. A ransomware gang called Reichsadler Cybercrime Group is trying to exploit unpatched installations of the server. Progress Software is also the developer of another file transfer suite called MOVEit.

On a similar line, Microsoft warned that a nation-state threat actor is trying to exploit an unpatched vulnerability in Atlassian’s Confluence server. This group has been at it since September 14th. A patch for that hole has been available for over a week, so there’s no excuse for your server to be hit now.

WordPress administrators are being warned to watch their sites for a backdoor that slipped into their content management application. It works as a standalone script and pretends to be a plug-in. The alert comes from researchers at Wordfence, who say the malware has the ability to create an admin account. The report doesn’t say how the malware gets installed, but possibly an employee downloaded something that looks like a legitimate plug-in. One way to fight this is make sure staff are restricted in what they can add to WordPress.

West Texas Gas, an energy provider in Texas and Oklahoma, is notifying over 56,000 customers that some of their personal information was stolen in May. Data taken includes names, debit or credit card numbers as well as the security codes, access codes or passwords for their accounts.

Former Uber CEO Joe Sullivan is appealing his conviction earlier this year of obstruction of justice in connection with the massive 2016 data breach at the ride-sharing company. Prosecutors said he withheld information about that incident from the Federal Trade Commission, which was investigating a 2014 data theft.

Finally, Apple has released more security updates, this time for older iPhones, iPads and iPad minis still eligible for patches. Make sure your device is at least running version 16.7.1 of the operating system.

That’s it for now. But later today the Week in Review podcast will be out. Guest commentator David Shipley of Beauceron Security will be here to talk about the SEC’s investigation into the huge number of MOVEit hacks, data thefts from DNA testing service 23andMe and more.

Links to details about news in every podcast episode are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast