Colorado city a victim of ransomware, FBI warning on security updates and the latest patches from Microsoft, Citrix and others
Welcome to Cyber Security Today. It’s Wednesday, August 12th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A ransomware gang has collected $46,000 from the city of Lafayette, Colorado after knocking out phone, email and online payment reservation systems. The city decided it was cheaper to pay up and get decryption keys to unlock scrambled data rather than pay to restore and sanitize its systems. The best defence against ransomware is to constantly remind staff to be careful when clicking on links and attachments in email. This is often how ransomware gets spread.
I often mention how important it is for IT departments as well as consumers to keep track of all the computer devices they have and install security patches soon after they are released. A news report about the latest FBI computer alert quietly sent out to businesses last week is another reminder. The ZDNet news service says the report warns organizations that a group is trying to get into systems by targeting vulnerabilities in networking equipment like virtual private networks and gateways. In particular, this group is going after devices made by F5 Networks, Pulse Secure and Citrix. After getting in, the hackers use credential-stealing software to get hold of employee usernames and passwords to steal data.
A few software updates to tell you about:
IT administrators who run the vBulletin software for hosting forums should install a new security patch as soon as possible. It plugs a hole that was supposed to be shut with an update last year. However, over the weekend a security researcher reported that fix was inadequate and published a way to exploit it. The vulnerability could allow an attacker to hack into a forum and steal users’ personal information. According to a news report, one forum has already been hacked with the new technique.
Users of the Google Chrome, Microsoft Edge and Opera browsers on Windows, Mac and Android platforms should make sure they’re running the latest version. A security company called PerimeterX discovered a vulnerability that could allow an attacker to get around the content security policy rules of web sites. These rules protect against a particular kind of cyberattack. In addition, website administrators should make sure their content security policy rules are well defined, as well as watch for signs of tampering with web page code.
Companies using a remote desktop and conferencing application called TeamViewer for Windows should update to the latest version. It fixes a high-risk vulnerability.
Companies using Citrix Endpoint Management, also called XenMobile Server, for managing computers and mobile devices should immediately update to the latest version. In a security bulletin issued yesterday, the company said the rolling patches should be installed as soon as possible. Two of the vulnerabilities are rated as critical.
Finally, yesterday was the monthly Patch Tuesday for Microsoft products. One of the patches fixes a problem Microsoft thought it had solved in May that would have allowed an attacker to take over a computer. Another fixes a problem that could help an attacker create malicious files that seem to come from legitimate software companies. Windows should automatically update, but if you want to be sure, type Windows Update in the bottom left search bar and then Check for Updates. Other companies that issued updates yesterday were Adobe for Acrobat and Reader, Intel and SAP.
On a side note, while Microsoft programmers look for bugs in their software, the company also pays people for finding them. In the 12-month period ending June 30th the company paid out $13.7 million in rewards.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.