Cyber Security Today, June 17, 2022 – Ransomware could hit Microsoft 365 files, a warning to web developers and more

Share post:

Ransomware could hit Microsoft 365 files, a warning to web developers and more. Welcome to Cyber Security Today. It’s Friday June 17th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.  
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
  Ransomware can encrypt and render unrecoverable files saved by Microsoft’s cloud-based Office 365 suite if the files are in SharePoint or OneDrive storage. That’s according to security researchers at Proofpoint. It’s another way ransomware gangs can attack data held in the cloud, their report says. It warns IT administrators that only if they have separate backups of 365 data can they be safe from ransomware. A successful attack would start with a threat actor accessing a user’s SharePoint Online or OneDrive accounts by compromising or hijacking their login credentials. 365 allows users to save several versions of files. But if the attacker reduces the number of versions stored to a low number, such as 1, the stored files over that limit can be encrypted. Proofpoint quotes Microsoft saying it might be able to recover older versions of files before they were encrypted. There are defences against this kind of attack. They include using multifactor authentication to lower the odds of accounts being compromised by stolen passwords, backing up cloud files outside of the Microsoft 365 environment and increasing the number of restorable versions of stored data held inside 365. Developers using the Telerik UI web application framework should be aware that a three-old year vulnerability continues to be exploited by hackers. The flaw allows the takeover of web servers built with the platform. Researchers at Sophos said the latest attempt was seen in May. While Telerik issued a patch a while ago, some systems are still at risk. One problem is the framework is embedded into custom web applications so its hard for IT managers to know if their application is vulnerable. Here’s where a software bill of goods that details what’s in an application would be useful. Sophos says applying security patches and application updates to sensitive web-facing applications will help, as well as having robust ransomware and malware protection. Finally, in news only emerging now, police in a number of countries recently arrested 2,000 people accused of being part of call centre and email scams. The Interpol police co-operative said this week the two-month operation also froze 4,000 bank accounts and intercepted some US$50 million in illicit funds. One of those arrested was a Chinese national allegedly involved in a Ponzi scam estimated to have defrauded nearly 24,000 people of about US$34 million. That’s it for now. But remember later today the Week in Review edition will be out. Guest commentator David Shipley and I will scrutinize Canada’s proposed new cybersecurity and data privacy laws. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, June 17, 2022 – Ransomware could hit Microsoft 365 files, a warning to web developers and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

40 thousand routers compromised: Hashtag Trending for Wednesday, March 27th, 2024

A new cyberthreat is taking down home routers. Germany passes a law insisting on end to end encryption. Reports expose the craziness of tech hiring practices, the US government has had it with SQL injection attacks and Elon Musk gets a smackdown from a federal judge as we see more from the X files –

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Apple gets hammered by the EU again: Hashtag Trending for Tuesday, March 26, 2024

Apple gets hammered by the EU once again while there’s a threat in the US of breaking up the big tech giants. Google appears to have another problem AI implementation, Steve Wozniak is back as an unlikely critic of the TikTok ban, a new open source AI that runs on your computer an an Amazon

CIOs complain of “application sprawl” – Hashtag Trending, Monday March 25th, 2024

Apple may get an unexpected penalty from the US Governments new lawsuit, survey of CIOs complains of application sprawl but proposes that the way to get out of it is “more applications”, 1% of employees cause 89% of data loss events and information surfaces about some potentially enormous developments in AI in the coming months.

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways