Cyber Security Today, March 29, 2023 – European site for educators compromised, Lumen hit by ransomware, and more


European Commission site for educators compromised, Lumen Technologies hit by ransomware, and more.

Welcome to Cyber Security Today. It’s Wednesday, March 29th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Crooks have been using the European Commission’s School Education Platform to distribute links to malicious websites. Educational organizations create profiles on the platform to help them find partners around Europe. However, researchers at NordVPN say criminals have also been registering fake profiles. The profiles have links to illegal streaming and money platforms. While most of the fake profiles have now been deleted, threat actors have found a new way to exploit the website by uploading PDF files with malicious links. There’s a lesson here: If your website allows outsiders to add content, the links and documents must be regularly scanned.

A New York law firm that failed to patch its Microsoft Exchange server and was hit by a data breach two years ago will pay the state US$200,000 for its poor security. The law firm of Heidell, Pittoni, Murphy and Bach represents New York City area hospitals. The stolen data was sensitive healthcare information of 114,000 patients. The New York state attorney general’s office said the law firm’s data security failures violated not only state law, but also the federal health information privacy law.

Networking and cloud provider Lumen Technologies was hit by a ransomware attack last week. In a regulatory filing the company said a “limited” number of hosting servers were affected. It did say the incident is currently degrading the operations of a small number of its enterprise customers. Lumen also discovered a separate attack in which it says a relatively limited amount of data was stolen from an internal IT system.

Last week I told you that an Australian company called Latitude Financial admitted to being hacked. This week it said the amount of data lost was worse than initially thought. Data on about 14 million customers is now in the hands of crooks. That includes 7.9 million driver’s licence numbers of Australian and New Zealand residents, 6.1 million customer records dating back to at least 2005 and 53,000 passport numbers. Initially the company said approximately 330,000 customers and applicants were affected. A hacker used the login credentials of an employee to access data held by two of Latitude’s service providers.

Still in Australia, Crown Resorts, a luxury casino and hotel chain, is the latest to admit being victimized in the compromise of the GoAnywhere MFT file transfer solution. The Clop ransomware gang is behind the attacks. No customer data has been exposed, the company says, but it says a limited number of company files were copied.

Attention administrators of Okta’s identity and access management solution. Make sure access to the management console is locked down. This warning comes after researchers at Mitiga found a serious issue: When a user trying to log in accidentally enters their password in the username field, the password is captured in plaintext in Okta’s audit log. If a threat actor has admin access they can copy the password from the log. In addition, some IT departments send Okta logs to their security and event management platform. If a hacker has access to that, the failed password could be found there. With a password the hacker can try to log in to any of the organization’s applications that use Okta single sign on. One solution: Check Okta logs for people whose passwords have been captured in the audit stream and make them change their credentials. Okta has more guidance. There’s a link to the report in the text version of this podcast.
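One way to run the log check described above, as an added example that is not from the Mitiga report or from Okta: it flags failed logins whose "username" looks like a password, then attributes each to the account that logs in successfully from the same IP address shortly afterwards. The event field names, the email-style username convention, the five-minute window and the sample events are assumptions for illustration; the submitted value itself is never returned or printed.

```python
import re
from datetime import datetime, timedelta

# Constructed events, reduced to the fields used below (assumed layout).
def _ev(ts, result, ident, ip):
    return {"published": ts, "eventType": "user.session.start",
            "outcome": {"result": result}, "actor": {"alternateId": ident},
            "client": {"ipAddress": ip}}

SAMPLE_EVENTS = [
    _ev("2023-03-29T09:00:05Z", "FAILURE", "Tr0ub4dor&3x", "203.0.113.7"),
    _ev("2023-03-29T09:00:40Z", "SUCCESS", "alice@example.com", "203.0.113.7"),
    _ev("2023-03-29T09:02:10Z", "FAILURE", "bob@example.com", "198.51.100.9"),
    _ev("2023-03-29T09:02:30Z", "SUCCESS", "bob@example.com", "198.51.100.9"),
    _ev("2023-03-29T09:30:00Z", "FAILURE", "Summer2023!go", "192.0.2.50"),
]

def looks_like_password(identifier):
    """Heuristic: not an email-style username, and mixes 3+ character classes."""
    if "@" in identifier or len(identifier) < 8:
        return False
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(c, identifier)) for c in classes) >= 3

def users_needing_reset(events, window=timedelta(minutes=5)):
    """Return (accounts to reset, source IPs with an unattributed exposure)."""
    pending, reset, unattributed = {}, [], []
    for ev in sorted(events, key=lambda e: e["published"]):
        if ev["eventType"] != "user.session.start":
            continue
        ts = datetime.strptime(ev["published"], "%Y-%m-%dT%H:%M:%SZ")
        ip, ident = ev["client"]["ipAddress"], ev["actor"]["alternateId"]
        result = ev["outcome"]["result"]
        if result == "FAILURE" and looks_like_password(ident):
            pending[ip] = ts              # remember when, never the value
        elif result == "SUCCESS" and ip in pending:
            if ts - pending.pop(ip) <= window:
                reset.append(ident)       # same IP, right after the slip
            else:
                unattributed.append(ip)   # too late to tie to this user
    return reset, unattributed + sorted(pending)

if __name__ == "__main__":
    print(users_needing_reset(SAMPLE_EVENTS))
```

Unattributed IPs still mark a password sitting in the log, so those entries need manual review to identify the owner.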

The European police co-operative called Europol is warning law enforcement agencies to prepare for the criminal use of deep learning AI solutions like ChatGPT. In a report this week Europol said crooks can use ChatGPT to draft highly authentic phishing texts. Police have to understand not only how these types of systems can be exploited, the report says, but also how to use them to fight crime. Police will also have to understand how AI systems can be inaccurate and have biases.

Finally, the annual Vancouver edition of the Pwn2Own hacking contest awarded just over $1 million to participants — and a Tesla Model 3. The three-day contest is part of Trend Micro’s Zero Day Initiative. It sees teams competing for money by finding vulnerabilities. The Vancouver contest challenged teams to find holes in Ubuntu desktop, Microsoft Teams, VMware Workstation — and in that Tesla.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, March 29, 2023 – European site for educators compromised, Lumen hit by ransomware, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
