Cyber Security Today, June 27, 2022 – A warning to firms using VoIP systems, malicious files in an open source Python registry, and more

Share post:

A warning to firms using VoIP systems, malicious files in an open-source Python registry, and more. Welcome to Cyber Security Today. It’s Monday, June 27th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
Organizations turn to voice-over-IP phone systems as a way of saving money. However, if these systems aren’t properly protected they could be an entry point into internet-connected systems. The latest example is a report by researchers at Crowdstrike into their discovery earlier this year of an undocumented vulnerability in a VoIP system made by Ottawa’s Mitel Networks. A suspected ransomware threat actor gained initial access to an organization’s network through the Mitel MiVoice Connect appliance using a zero-day vulnerability. Fortunately, the attack was detected and stopped. After being notified, Mitel issued a critical security advisory in March urging administrators to install a patch to close this hole. Crowdstrike waited until now to issue its report on the incident. Two lessons to IT staff: First, security updates on any internet-connected device on your networks — not just servers and desktops — have to be patched as soon as possible. Second any internet-connected device — including VoIP phone systems — must have anti-virus, anti-malware or firewall protection. Here’s another example of why application developers shouldn’t automatically trust code posted to open source libraries. Researchers at Sonatype recently discovered five suspicious if not malicious Python packages in the open source PyPi registry. If included in an application some of them could steal Amazon AWS credentials and other information included in software. Sonatype reported its findings to PyPi and the packages have been removed. If you’re worried about whether these libraries are in your application there’s a link to the Sonatype report in the text version of this podcast at Developers who use open source packages should research and scan any code they download. A hacker claims they have already broken into and are selling access to 50 IT networks of organizations that have unpatched versions of Atlassian’s Confluence collaboration suite. According to the security news site called The Record, researchers at Rapid7 found an access broker on a Russian-language criminal forum selling access to the organizations. All of them are allegedly in the U.S. I reported earlier about this particular vulnerability and that a patch has been issued. If your organization uses Confluence and hasn’t installed the patch, do it now — and scan your entire IT environment for possible compromise. Finally, there are many ways of tricking victims into clicking on email attachments that hide malware. One of the latest was discovered by researchers at a South Korean firm called ASEC. A victim received an email alleging their firm has violated another company’s copyright. The evidence was supposedly in an attached PDF. What that attachment really does is install the LockBit ransomware. While this scam is being tried in Korean, it could easily be used in any language. In fact the report notes this isn’t the first attempt at spreading malware through copyright infringement threats. IT leaders should ensure employees are trained to send any legal threat to the legal department. Staff in the legal department need be trained to consult with IT security staff before clicking on attachments. That’s it for now Remember links to details about podcast stories are in the text version at Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. The post Cyber Security Today, June 27, 2022 – A warning to firms using VoIP systems, malicious files in an open source Python registry, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Pushing back against rising cloud costs: Hashtag Trending for Wednesday, April 24, 2024

Pushing back against rising cloud costs – one CEO make big savings, Microsoft makes it clear that it...

Digital humans make inroads into customer service: Hashtag Trending for Tuesday, April 23, 2024

Before we get to our stories, coincidentally leading with one on digital humans used in customer service, we...

Cyber Security Today, April 22, 2024 -Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more

This episode reports on a new campaign to steal credentials from LastPass users, a warning to admits of Ivanti Avalanche mobile device management software

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways