Cyber Security Today, Feb. 21, 2022 – Data on Internet Society members exposed, an alert to Linux administrators, Microsoft Teams users get tricked and more


Welcome to Cyber Security Today. It’s Monday, February 21st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


People are still being clumsy with the way data is stored on the internet. The latest example: Files with names, email addresses and login details of thousands of members of the Internet Society were recently found in an unsecured Microsoft Azure blob. The Internet Society is an international non-profit that lobbies for a resilient internet. What happened? According to security researchers who found the flaw, the Internet Society blames the association management software it uses. That software, which allows membership information to be stored in the cloud, was configured incorrectly. As a result, if someone knew where to look, the information was open to be copied. It isn’t known if anyone other than the researchers found those open files. Misconfigurations are a prime cause of data exposures. Credit for the discovery goes to researchers at Clario and independent researcher Bob Diachenko.

Last week I reported on a vulnerability in Adobe Commerce and Magento e-commerce platforms. However, the patch Adobe issued to fix this flaw wasn’t enough. A new security update has been released for some versions of Commerce and Magento. Check with the Adobe website to see if your implementation needs this patch.

Attention Linux administrators: Security researchers at Qualys have discovered multiple vulnerabilities in the snap-confine function on Linux operating systems. One of them can be exploited to escalate privileges to root. And once an attacker has root privileges they can do pretty much anything. Snap is a software packaging and deployment system allowing software developers to distribute their applications directly to Linux systems. Administrators are urged to apply security patches from their Linux distributions as soon as possible to plug this hole.

Researchers at Avanan have detailed a scam for tricking people using the Microsoft Teams collaboration service into downloading malware. It works like this: A hacker gets into a Teams discussion in one of several ways. If it involves people in two companies, one of the firms might have been hacked. Or the hacker has compromised a person’s email address or Microsoft password to access Teams. Then in the middle of a conversation they send a compromised file as an attachment to one or all of the participants. This is a trick that can work with any collaboration or chat application. But hackers often choose Microsoft Teams because Microsoft products are widely used by organizations. To defend against this, IT administrators need to add anti-malware protection that sandboxes and scans attachments in collaboration software.

Canadians are getting recorded phone calls from someone claiming to be from “the department of Service Canada.” This is a fraud. The goal is to get your government of Canada or bank passwords and then your personal information. Just hang up.

Attention WordPress administrators: If you use the free or paid UpdraftPlus backup and recovery plugin, install the latest security patch fast. It fixes a serious vulnerability that allows anyone – not just an administrator – who logs into a WordPress console to compromise a backup. The developer says it would take a very skilled hacker to do that, but assume a few of them are around. Administrators using UpdraftPlus Premium’s feature for encrypting a database backup are protected against data theft.

Finally, the U.S. Cybersecurity and Infrastructure Security Agency is making it easier for IT and business leaders to access its free cybersecurity resources. The agency has created a new online portal. It has resources under titles like “Fix the known security flaws in software,” and “Halt bad practices.” If you type ‘CISA free’ you’ll find the link. It’s also included here. The government of Canada’s free online advisory resources are at the Canadian Centre for Cyber Security. The U.K. resources are at the National Cyber Security Centre. All three are great places to start looking for advice on everything from stopping ransomware to setting up a cybersecurity program.

Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 21, 2022 – Data on Internet Society members exposed, an alert to Linux administrators, Microsoft Teams users get tricked and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
