• About
  • Privacy Policy
  • Contact
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
No Result
View All Result
Home Podcasts

Cyber Security Today, April 1, 2022 – Spring Java framework needs patching, nation-state attackers take advantage of Ukraine war and a warning to student job seekers

Howard Solomon by Howard Solomon
April 4, 2022
in Podcasts, Security
0 0
0
Spring Java framework needs patching, nation-state attackers take advantage of Ukraine war and a warning to student job seekers. Welcome to Cyber Security Today. It’s Friday, April 1st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Software developers using the Spring Java application development framework should install the latest security updates. These close three vulnerabilities. Two were discovered this year. The third is a patch for an older vulnerability some researchers have dubbed SpringShell or Spring4Shell. That’s because they think its similar to the Log4Shell vulnerability in the Apache log4j logging library. That may or may not be true. Regardless, a patch for that particular hole was released on Thursday by VMware, which owns the Spring framework. Lots of threat actors are using the war in Ukraine as cover for spear phishing attacks, according to Google. It says government-backed threat actors from China, Iran, North Korea and Russia as well as some unattributed groups are using war-related themes to trick victims into opening malicious emails or clicking on malicious links. For example, someone is impersonating military personnel to extort money for rescuing relatives in Ukraine. A Russian-based threat actor sometimes referred to as Calisto has launched credential phishing campaigns targeting several U.S.-based non-profits and think tanks. They’re also going after the military of several Eastern European countries as well as a NATO Centre of Excellence. A group believed to be from China’s military has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia. So, be careful of unexpected email with themes about the war. Meanwhile fixed broadband satellite provider Viasat has acknowledged the consumer side of its service was disrupted in Ukraine and several European countries by a cyber attack just as the Russian invasion started on February 24th. The attack didn’t affect Viasat’s mobility service, it said, or service to government customers. But it damaged some customer modems so much that Viasat has shipped tens of thousands of replacement units to distributors. The company said an attacker exploited a misconfiguration in a VPN appliance to gain remote access to the management segment of the satellite network. Then they issued destructive commands to the modems. University and college students are understandably eager to have money to pay rent to make a dent in their student loans. However, crooks are preying on that eagerness with tempting emailed job offers from recruiters they never meet. One goal is to get the victims’ name, address, birthday and social insurance number for identity fraud. Another is to sucker the victim into handing over money. The so-called jobs can be as varied as caregivers, mystery shoppers, administrative assistants, models, or rebate processors. Some enticements are that the victim can work from home. Sometimes the recruiter asks for a small amount of money upfront by promising big money later. In the worst cases the victim ends up working as an unsuspecting money mule for a criminal gang. These job offers are sometimes dazzling. Earlier this year Proofpoint discovered a scam trying to recruit university students for an executive personal assistant role at the United Nations Children’s Fund, known as UNICEF. Another email offered a three-day modeling job on a film shoot, claiming the company saw the victim’s profile on Instagram. Beware of an unexpected job offer received from a freemail account such as Gmail or Hotmail that spoofs a legitimate organization. Beware of nonexistent or overly simplistic interview questions with little to no information about the job duties. Finally, researchers at Bitdefender have found vulnerabilities in the Wyze Cam computer video camera used by consumers and small businesses. Make sure the latest security patches have been installed. Note that patches are only available for version 2 and 3 of this device. Version 1 is discontinued and no longer receives security fixes. Don’t forget later today the Week in Review podcast will be available. Terry Cutler of Cyology Labs and I will discuss backups, nation-state cyberattacks and how police are being fooled into giving up your subscriber information. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, April 1, 2022 – Spring Java framework needs patching, nation-state attackers take advantage of Ukraine war and a warning to student job seekers first appeared on IT World Canada.
Tags: cyber security todayPrivacy & Security

Subscribe

About Tech News Day

In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.

About

Tech Newsday

Tech News Day picks the new, most relevant tech stories.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.

SUBSCRIBE

Categories

  • Artificial Intelligence
  • Auto Tech
  • Blockchain
  • Careers & Education
  • Channel Strategy
  • Cloud
  • Communications & Telecom
  • Companies
  • Data & Ananytics
  • Development
  • Digital Transformation
  • Distribution
  • Diversity & Inclusion
  • eCommerce
  • Emerging Tech
  • End User Hardware
  • Engineering
  • Financial
  • Future of Work
  • Governance
  • Government & Public Sector
  • Human Resources
  • Infrastructure
  • IoT
  • Leadership
  • Legal
  • Legislation & Regulation
  • Managed Services & Outsourcing
  • Marketing
  • Mobility
  • Open Source
  • Operations
  • People
  • Podcasts
  • Privacy
  • Security
  • Service
  • SMB
  • Social Networks
  • Software
  • Supply Chain
  • Today's News
  • Top Stories This Week
  • Women in Tech
  • Home
  • Today’s News
  • About
  • Privacy
  • Contact

2022 Tech News Day

No Result
View All Result
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News

2022 Tech News Day

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Why are you leaving?

About Tech News Day

Tech News Day is a daily publication featuring key daily news stories about technology and how it affects businesses. We know that you are busy and that there’s a lot of information coming at you. While there are lots of programs that will curate based on what you have already read or followed, Tech News Day picks the new stories that we feel are most relevant.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways. If you want to do a deeper dive and get even more information, we provide a link to at least one of the longer stories from one of our sources (we are often following stories from more than one source).

We also have a daily podcast, published each morning so that you can get the news stories of the day from wherever you get your podcasts.

We hope you find this to be useful to you in keeping up to date in these challenging times. We love your input and opinions. You can use our feedback widget to rate individual stories or you can write us at NewsDesk@technewsday.com.

Click Here

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00