More on Exchange Server vulnerabilities, criminal groups blocked from using a secure messaging service and a warning about sex toys.
Welcome to Cyber Security Today. It’s Friday March 12. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
More troubling information is emerging after the discovery of four vulnerabilities in on-premises installations of Microsoft Exchange Server. A researcher at security vendor DomainTools notes suspicious activity was detected as far back as last October. Most public reports say exploitation of the vulnerabilities started early in January. This means the attackers could have been in Exchange Server environments much earlier than that. It also means that administrators of Exchange Server have to look further back for possible signs of compromise, like web shells and backdoors. Patching Exchange Server alone isn’t enough.
Researchers are also finding that more threat groups are taking advantage of the vulnerabilities. That’s because proof-of-concept exploits are circulating. If you have Exchange Server, don’t put off patching and searching for compromises.
There will be more on this later today during the Week In Review podcast, available after 3 p.m. Eastern.
Security teams with Linux systems should be on the lookout for signs of a backdoor installed on their desktop computers and servers, says a security firm called Intezer. The report doesn’t detail how victims were infected. Because of the sophistication of this malware, researchers suspect it was developed by a nation-state.
For knowledgeable professionals, the backdoor disguises itself as a PolicyKit daemon. Once installed it automatically collects computer system information and sends it encrypted to a command server.
More on backdoors: Security vendor Bitdefender has discovered new versions of a backdoor used by a threat group researchers call FIN8. This group focuses on financial gain from victims like insurance companies, retail chains, IT companies and chemical manufacturers.
There are several mitigations. In particular, retail firms should separate their point-of-sale networks from the networks used by employees or guests. Because backdoors are usually distributed through email, organizations should, as always, make sure their email systems automatically reject malicious or suspicious attachments.
The U.S. Justice Department has seized another criminal website offering to sell a drug for treating COVID-19. Its real purpose was to collect personal information from victims. It’s the fifth fraudulent COVID-19 website seized by American authorities.
Police in Belgium and the Netherlands have arrested several people after blocking the use by crime groups of the Sky ECC messaging service. The Europol police co-operative says authorities have been able to continuously monitor the service, which is supposed to be encrypted. The statement says the encryption was “unlocked” after some mobile phones were seized in Belgium. Sky ECC is operated from the U.S. and Canada, says Europol. This comes after French and Dutch authorities last July dismantled the EncroChat phone network used by criminals. Europol says many EncroChat users switched to Sky ECC after that. Sky ECC says its platform has not been hacked.
Finally, a warning about internet-connected sex toys. They can help pass the time between you and a partner. However, a report from security vendor ESET warns these wireless devices carry privacy risks. When the toy is enabled it will ask for access to personal information on your smartphone, particularly if you are using it in conjunction with chat, videoconferencing or remote control. It may also try to access your camera. Wi-Fi or Bluetooth signals could be intercepted. If the software isn’t secure it could be hacked. When buying anything that connects to the internet, make sure it’s from a reputable manufacturer you can count on to issue security patches.
Don’t forget this afternoon you can catch the Week In Review edition of the podcast, where I discuss some of this week’s news with a guest analyst. Topics today include the Microsoft Exchange hacks, International Women’s Day and the attack on video surveillance provider Verkada.
You can listen on your way home or on the weekend.
Links to details about these stories are in the text version of this podcast at ITWorldCanada.com.