Cyber Security Today, Sept. 14, 2022 – Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more

Share post:

The latest news on Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more.

Welcome to Cyber Security Today. It’s Wednesday, September 14th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Yesterday was Patch Tuesday, the day Microsoft and Adobe released security updates for Windows and other products. IT administrators should note one patch fixes an escalation of privilege vulnerability that could be leveraged by an attacker that already has access to a server. The vulnerability would allow them to get System privileges. Trend Micro’s Zero Day Initiative says that of the 64 new vulnerabilities patched, five are rated critical and 57 are rated as important.

Your personal computer should be set to receive updates automatically, but it doesn’t hurt to check by going to the Windows Update section of your PC.

IT security leaders are increasingly cutting the number of vendors they buy products from. According to Gartner, three-quarters of organizations it recently surveyed said they have a strategy of security vendor consolidation. Fifty-seven per cent of respondents said their organizations are working with fewer than 10 vendors for their security needs. Why the vendor consolidation? Because security leaders aren’t happy with operational inefficiencies and the lack of product integration, says Gartner.

Unpatched internet-connected medical devices running on outdated software are increasingly being exploited by threat actors. That’s according to the FBI. This week it warned patient safety and the confidentiality of personal health data is at risk. Routine challenges include securely configuring medical devices, devices that lack security features and devices with customized software that needs special patching procedures. Devices at risk include insulin pumps, intracardiac defibrillators, pacemakers and pumps that deliver pain medication. A recent research report conducted by a cybersecurity firm found 53 per cent of connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities, the report points out. The FBI urges medical IT administrators to protect connected devices with antivirus software if possible, to encrypt medical device data and to ensure devices can only be accessed through complex passwords. If a device is disconnected from an IT network for service there has to be integrity verification before it is re-connected.

A vulnerability in Mitel’s MiVoice VoIP appliance used by businesses is being exploited by a ransomware group. Researchers at Arctic Wolf said a threat actor recently deployed the Lorenz ransomware on a victim after leveraging Microsoft’s BitLocker Drive Encryption to scramble the organization’s data. Monitoring critical assets alone is not enough to protect against cyber attacks, the report warns. Security teams should monitor all externally facing devices for potential malicious activity, including voice-over-IP telephony applications and IoT devices.

Truck rental agency U-Haul says a hacker got hold of the names and driver’s licence numbers of customers who rented vehicles between November 5th of last year and April 5th of this year. They did it by compromising two unique passwords. That enabled the hacker to access a customer contract search tool. In a copy of a letter being sent to affected customers and filed with the State of Montana, U-Haul isn’t saying how the passwords were compromised, nor how many customers were affected.

Finally, Apple released iOS 16 for iPhones and iPads, as well as a number of security patches for earlier releases. iOS 16 includes Lockdown Mode, for executives, reporters and others worried about targeted attacks. It restricts certain non-essential features so there are fewer ways an attacker can compromise a device.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 14, 2022 – Windows patches, a warning to medical IT administrators, a Mitel VoIP vulnerability being exploited and more first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Zoho’s annual user and partner conference 'Zoholics' offers SMBs an 'on ramp' to applying AI in their business,...

White house official tells insurance companies to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024

White House urges end to insurance-funded ransomware payments, Comcast reveals a major data loss, Chinese hackers use a back...

AI pioneers Geoffrey Hinton and John Hopfield awarded Nobel prize in physics. Hashtag Trending for Wednesday, October 9, 2024

AI pioneers Geoffrey Hinton and John Hopfield get a Nobel prize in physics, Google is tracking your location...

Did tech companies jump the gun reducing their staff? Hashtag Trending for Tuesday, October 8, 2024

Did companies move too quickly to reduce their development staff? Have we reached the point where it’s impossible...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways