Cyber Security Today, Feb. 21, 2022 – Data on Internet Society members exposed, an alert to Linux administrators, Microsoft Teams users get tricked and more


Welcome to Cyber Security Today. It’s Monday, February 21st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


People are still being clumsy with the way data is stored on the internet. The latest example: Files with names, email addresses and login details of thousands of members of the Internet Society were recently found in an unsecured Microsoft Azure blob. The Internet Society is an international non-profit that lobbies for a resilient internet. What happened? According to security researchers who found the flaw, the Internet Society blames the association management software it uses. That software, which allows membership information to be stored in the cloud, was configured incorrectly. As a result, if someone knew where to look, the information was open to be copied. It isn’t known if anyone other than the researchers found those open files. Misconfigurations are a prime cause of data exposures. Credit for the discovery goes to researchers at Clario and independent researcher Bob Diachenko.

Last week I reported on a vulnerability in Adobe Commerce and Magento e-commerce platforms. However, the patch Adobe issued to fix this flaw wasn’t enough. A new security update has been released for some versions of Commerce and Magento. Check with the Adobe website to see if your implementation needs this patch.

Attention Linux administrators: Security researchers at Qualys have discovered multiple vulnerabilities in the snap-confine function on Linux operating systems. One of them can be exploited to escalate to root privileges. And once an attacker has root privileges they can do pretty much anything. Snap is a software packaging and deployment system allowing software developers to distribute their applications directly to Linux systems. Administrators are urged to apply security patches from their Linux distributions as soon as possible to plug this hole.

Researchers at Avanan have detailed a scam for tricking people using the Microsoft Teams collaboration service into downloading malware. It works like this: A hacker gets into a Teams discussion in one of several ways. If it involves people in two companies, one of the firms might have been hacked. Or the hacker has compromised a person’s email address or Microsoft password to access Teams. Then in the middle of a conversation they send a compromised file as an attachment to one or all of the participants. This is a trick that can work with any collaboration or chat application. But hackers often choose Microsoft Teams because Microsoft products are widely used by organizations. To defend against this, IT administrators need to add anti-malware protection that sandboxes and scans attachments in collaboration software.

Canadians are getting recorded phone calls from someone claiming to be from “the department of Service Canada.” This is a fraud. The goal is to get your government of Canada or bank passwords and then your personal information. Just hang up.

Attention WordPress administrators: If you use the free or paid UpdraftPlus backup and recovery plugin, install the latest security patch fast. It fixes a serious vulnerability that allows anyone – not just an administrator – who logs into a WordPress console to compromise a backup. The developer says it would take a very skilled hacker to do that, but assume a few of them are around. Administrators using UpdraftPlus Premium’s feature for encrypting a database backup are protected against data theft.

Finally, the U.S. Cybersecurity and Infrastructure Security Agency is making it easier for IT and business leaders to access its free cybersecurity resources. The agency has created a new online portal. It has resources under titles like “Fix the known security flaws in software,” and “Halt bad practices.” If you type ‘CISA free’ you’ll find the link. It’s also included here. The government of Canada’s free online advisory resources are at the Canadian Centre for Cyber Security. The U.K. resources are at the National Cyber Security Centre. All three are great places to start looking for advice on everything from stopping ransomware to setting up a cybersecurity program.

Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
