Poor password hygiene was behind huge TransUnion hack, cyber retaliation against Russia backfires and more.
Welcome to Cyber Security Today. It’s Monday, March 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A hacking group from Brazil claims to have stolen data on 54 million people held by the South African division of the TransUnion credit rating agency. The group told the Bleeping Computer news site that it cracked a file server whose password allegedly was the word ‘password.’ TransUnion has acknowledged the hack but says the hackers used an authorized client’s credentials. That conflicts with what the hackers told Bleeping Computer – that they didn’t steal a user’s password. Either way, it isn’t good. No company should allow an easily cracked password to be used. IT systems should be set up to prevent that from happening, including through the use of multifactor authentication.
Researchers at the Talos threat intelligence service of Cisco Systems have concluded that at least one affiliate of the BlackMatter ransomware gang was an early distributor of the BlackCat, or ALPHV, strain of ransomware. Affiliates of ransomware gangs do the actual hacking of a victim organization. After that they deploy the ransomware they’ve signed up to use – Conti, Ryuk, BlackMatter et cetera. The report is further evidence of a link between the BlackMatter and BlackCat groups. It also has useful information about how an intrusion develops. But what I found most interesting in the report was a little piece of information tacked on to the end: the two attacks analyzed each took only 15 days from initial access to data encryption. That means IT defenders must closely monitor their network environments for suspicious activity. If they find something odd they have to act fast.
Computer-savvy individuals around the world are trying in several ways to react to Russia’s invasion of Ukraine. For example, a group in Poland is behind an effort that lets people randomly email and tweet Russian citizens with links to anti-war news sites. But an application developer’s use of his open-source NPM package to infect computers in Russia and Belarus went too far. Programmers complained it was an abuse of the open-source system. According to a security researcher, the developer of the package recently added code to detect when his package was installed on computers in Russia or Belarus. If the package landed in those two countries, a destructive data wiper activated on those computers. The developer’s package is a dependency of many other open-source packages, so its spread could have been multiplied. A news article notes the disk-wiping function was removed after loud protests from the open-source community.
Attention network administrators: If you use the BIND domain name server software in your environment, update to the latest version. This comes after the discovery of four vulnerabilities. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Finally, home and small business users of Western Digital’s EdgeRover data management app must update it to the latest version quickly. That’s because a critical vulnerability has been found. The hole could allow an attacker to access your data. This applies to both the Windows and Mac versions of the application.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.