A new ransomware advice site, another Windows print spooler problem and more companies caught with unsecured cloud data storage.
Welcome to Cyber Security Today. It’s Monday July 19th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
There’s no shortage of online advice for IT departments and senior managers about lowering the risk of ransomware. Their first stop should be their major suppliers of software and hardware. But for those who need a basic introduction the U.S. government has just launched a site called Stop Ransomware. You can start with the article, ‘What is ransomware.’ and drill in deeper from there. It brings together resources from a number of government departments. It’s hosted here by the Cybersecurity and Infrastructure Security Agency.
Canadians will find our government’s resources page at the Canadian Centre for Cyber Security, which is cyber.gc.ca. On the right-hand side there’s a link to the ransomware advice page. Both of these sites offer good advice for very small companies, and will help them ask questions if they hire a consultant. If you have a complex IT environment and/or handle a lot of valuable data, you need to talk to an expert.
Ransomware doesn’t only target Windows servers. A report from the Bleeping Computer news service quotes a security researcher called MalwareHunterTeam finding a version of the Hello Kitty ransomware aimed at VMware’s ESXi virtual machines on Linux. Linux administrators, you have been warned.
Attention Windows administrators: If you think last Tuesday’s monthly patches fixed all the vulnerabilities with Windows Print Spooler, you’re wrong. On Thursday Microsoft warned a new problem had been found. As of the recording of this podcast there wasn’t a patch, so the only solution is to disable the Print Spooler service. Then watch for Microsoft to issue a patch.
Here’s a bunch of security updates from other vendors you can install:
D-Link has issued patches for its DIR-3040 wireless internet router after Cisco Systems spotted several vulnerabilities. One of them could cut off internet service, while the other could allow an attacker to take over the device and run any code they wanted.
Cisco also discovered serious vulnerabilities in the R-SeeNet monitoring software used by routers made by Advantech. An attacker could use these bugs to get into corporate systems.
Meanwhile Cisco released patches for two of its own products. These are high severity vulnerabilities in the Adaptive Security Appliance Software and the Firepower Threat Defence application. These vulnerabilities could allow a denial of service attack.
Another misconfigured Amazon S3 bucket of data by an employee has led to stolen information. A news site called WizCase said the bucket belongs to Artwork Archive, a U.S. based site where artists can sell to businesses, universities and galleries. The data included names, addresses, email address and purchase details from copies of invoices. No password was needed to access the data, nor was it encrypted. What could a crook do with this data? Possibly pose as an artist and sell forged artwork to customers.
Even worse, someone at a California company that processes insurance applications also left one of its Amazon data servers unprotected. According to security researcher Bob Diachenko, the server had over 700,000 files, some of which had very sensitive personal and medical information of insurance applicants. Files seen by the Tech Crunch news service had names, Social Security numbers, lab results and more. Some of the files dated back to 2015.
These two incidents are just the latest examples of how organizations still aren’t training employees how to properly secure data.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.