Misconfigurations, link shortening, ransomware operators arrested and more
Welcome to Cyber Security Today. It’s Wednesday, October 6th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Misconfiguration of applications and servers is in the news this week because of the hours-long outage at Facebook, Instagram and WhatsApp. As of the recording of this podcast it’s still not known exactly why there was an ‘oopsy’ moment.
But it won’t be the last. Here’s another: Researchers at security firm Intezer said this week that some IT staff or developers running the Apache Airflow platform are guilty of misconfiguring it, leaving firms open to being hacked. Airflow is an open-source workflow management platform used by application developers. What Intezer researchers found were misconfigured instances of Airflow that exposed passwords of users on Amazon Web Services, PayPal, Slack and other cloud services. In these cases the problem was bad application coding that could reveal passwords. But researchers also found sensitive data of companies in a wide range of industries through their misconfigured Airflow instances. Organizations using Airflow should upgrade to the latest version, which is more secure. Only authorized staff should be allowed to use it. IT departments should investigate software that can spot misconfigurations and issue alerts.
Separately, Apache has released a security patch for its HTTP Web Server. It closes a hole in version 2.4.49 of the application. The new version ends in .50.
One more ‘oopsy’ moment. This one was committed by the British newspaper The Telegraph. Security researcher Bob Diachenko discovered a misconfigured and unprotected database of information with subscribers’ names, email addresses and other things. The Bleeping Computer news service says the number of victims could be between 600 and 1,200 people.
Many of you know that hackers hide malicious links to bad websites by using URL shortening services. So rather than include a link in an email with a long, and obviously fake, internet address, the crook uses a shortening service like bitly. Smart people know to be wary of short links. Crooks have caught on to this and are now using short links created by LinkedIn. That’s because LinkedIn automatically shortens long links. Researchers at Avanan figured this out. So be careful before clicking on links that include ‘lnkd.in’, particularly if you expect the link to go to a company or document.
News emerged this week that two prolific ransomware operators were arrested in September in Ukraine. The announcement came from the Europol police co-operative, which said police in Ukraine, France and the FBI were involved. The group is suspected of having committed a string of attacks against large industrial companies in Europe and North America in the past 18 months. In addition to seizing cash and two luxury vehicles, police also froze $1.3 million in cryptocurrencies.
The operators of the White House Market, a dark web underground marketplace for trading illegal goods, say they’ve shut the site down. According to the news site The Record, the operators posted a note saying they reached their goals and are retiring. On the other hand, the note also says the gang may come back with a different project.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.