Cyber Security Today, June 17, 2022 – Ransomware could hit Microsoft 365 files, a warning to web developers and more

Share post:

Ransomware could hit Microsoft 365 files, a warning to web developers and more. Welcome to Cyber Security Today. It’s Friday June 17th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.  
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Ransomware can encrypt and render unrecoverable files saved by Microsoft’s cloud-based Office 365 suite if the files are in SharePoint or OneDrive storage. That’s according to security researchers at Proofpoint. It’s another way ransomware gangs can attack data held in the cloud, their report says. It warns IT administrators that only if they have separate backups of 365 data can they be safe from ransomware. A successful attack would start with a threat actor accessing a user’s SharePoint Online or OneDrive accounts by compromising or hijacking their login credentials. 365 allows users to save several versions of files. But if the attacker reduces the number of versions stored to a low number, such as 1, the stored files over that limit can be encrypted. Proofpoint quotes Microsoft saying it might be able to recover older versions of files before they were encrypted. There are defences against this kind of attack. They include using multifactor authentication to lower the odds of accounts being compromised by stolen passwords, backing up cloud files outside of the Microsoft 365 environment and increasing the number of restorable versions of stored data held inside 365. Developers using the Telerik UI web application framework should be aware that a three-old year vulnerability continues to be exploited by hackers. The flaw allows the takeover of web servers built with the platform. Researchers at Sophos said the latest attempt was seen in May. While Telerik issued a patch a while ago, some systems are still at risk. One problem is the framework is embedded into custom web applications so its hard for IT managers to know if their application is vulnerable. Here’s where a software bill of goods that details what’s in an application would be useful. Sophos says applying security patches and application updates to sensitive web-facing applications will help, as well as having robust ransomware and malware protection. Finally, in news only emerging now, police in a number of countries recently arrested 2,000 people accused of being part of call centre and email scams. The Interpol police co-operative said this week the two-month operation also froze 4,000 bank accounts and intercepted some US$50 million in illicit funds. One of those arrested was a Chinese national allegedly involved in a Ponzi scam estimated to have defrauded nearly 24,000 people of about US$34 million. That’s it for now. But remember later today the Week in Review edition will be out. Guest commentator David Shipley and I will scrutinize Canada’s proposed new cybersecurity and data privacy laws. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, June 17, 2022 – Ransomware could hit Microsoft 365 files, a warning to web developers and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Pushing back against rising cloud costs: Hashtag Trending for Wednesday, April 24, 2024

Pushing back against rising cloud costs – one CEO make big savings, Microsoft makes it clear that it...

Digital humans make inroads into customer service: Hashtag Trending for Tuesday, April 23, 2024

Before we get to our stories, coincidentally leading with one on digital humans used in customer service, we...

Cyber Security Today, April 22, 2024 -Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more

This episode reports on a new campaign to steal credentials from LastPass users, a warning to admits of Ivanti Avalanche mobile device management software

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways