Cyber Security Today, March 31, 2023 – World Backup Day advice, new malware targeting Linux and more

Share post:

World Backup Day advice, new malware targeting Linux and more

Welcome to Cyber Security Today. It’s Friday, March 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Today is World Backup Day. I have a long story on ITWorldCanada.com which is tailored for IT department leaders in mid-to-large firms, so on this podcast I want to address IT leaders in small businesses. The good news is backup and recovery should be easier because your environment will be simpler compared to a multi-million dollar retailer. Still, some of the same rules apply: First, decide what data needs to be backed up, giving priority to sensitive information and how often it needs to be backed up. Second, make sure data is backed up off-site as well as on-site. And for extra protection, it should be encrypted. Third, make sure the off-site backup can’t be compromised by a hacker. One of the biggest failures of IT is to protect off-site backup from being encrypted, ruining any chance of data restoration. Fourth, document your backup procedures so when staff leave the knowledge doesn’t go with them. And last, have IT staff regularly practice restoring a backup. You’ll need that experience in a crisis.

Attention Linux administrators: New malware targeting Linux servers has been discovered. Researchers at the French firm Exatrack call it Melofee, and believe it was created by a group based in China. It drops a rootkit and a server implant. The implant can update itself, create a new socket for interaction, search for system information, read and write files and more. The implant hasn’t been widely seen, suggesting the attacker uses it only to go after high value targets.

University researchers say there’s a fundamental flaw in the Wi-Fi protocol that could affect devices running Linux, FreeBSD, Android and iOS. In a summary of the report, the Hacker News notes that the flaw could be used to hijack TCP connections or intercept client and web traffic. The power-save mechanisms in endpoint devices could trick access points into leaking data frames in plaintext.

Cisco Systems said attacks could be successful against its Wireless Access Point and Meraki wireless products. But Cisco also believes the information gained would be of minimal value in a securely configured network. To reduce the odds of success, TLS should be enabled to encrypt data in transit. In addition network access should be restricted.

Attention Instagram users: Crooks are hunting for subscribers who haven’t activated multifactor authentication. When they are found, the crooks either use a brute-force attack to figure out the passwords or use a phishing attack to trick the user into giving up their password. According to researchers at Group-IB, once the hacker has access they lock out the account owner by enabling multifactor authentication. Then they rename the hijacked Instagram account to make it look like it belongs to a financial institution to trick the account’s followers. This scheme was run in Indonesia, but it can be tried in any country. Instagram users are warned this is another reason to enable multifactor authentication.

That’s it for now. but later today the Week in Review podcast will be available. David Shipley of Beauceron Security and I will discuss a proposed delay on researching AI systems, the future of TikTok and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, March 31, 2023 – World Backup Day advice, new malware targeting Linux and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

White house official tells insurance companies to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024

White House urges end to insurance-funded ransomware payments, Comcast reveals a major data loss, Chinese hackers use a back...

AI pioneers Geoffrey Hinton and John Hopfield awarded Nobel prize in physics. Hashtag Trending for Wednesday, October 9, 2024

AI pioneers Geoffrey Hinton and John Hopfield get a Nobel prize in physics, Google is tracking your location...

Did tech companies jump the gun reducing their staff? Hashtag Trending for Tuesday, October 8, 2024

Did companies move too quickly to reduce their development staff? Have we reached the point where it’s impossible...

Cloudflare punches back and we all benefit: Hashtag Trending for Monday, October 7, 2024

WordPress blogging software leads to lawsuits, Cloudflare defeats patent troll in court and Eric Schmidt says keep building...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways