Cyber Security Today, August 23, 2023 – Public exposure doesn’t deter this attacker, and more

Share post:

Public exposure doesn’t deter this attacker, and more

Welcome to Cyber Security Today. It’s Wednesday, August 23rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Public exposure several months ago of an intelligence-gathering threat actor hasn’t stopped their efforts. According to researchers at Lumen, whoever is deploying what they call the Hiatus remote access trojan wasn’t deterred much after the company reported in May on their complex campaign to infect edge network routers in Europe and Latin America. The next month the unnamed attacker recompiled their trojan, set up new servers and went after a U.S. Defense Department server used for submitting contract proposals as well as organizations in Taiwan. There’s suspicion the threat actor is linked to China and is looking to gather information. The attacker downloaded 11 MB of data from the compromised military server. The report emphasizes the importance of hardening edge network devices. This includes protecting these devices by only allowing access through VPNs.

Attention administrators with Ivanti Sentry or MobileIron Sentry in your environments for protecting access for mobile devices. There’s a serious vulnerability in the suite that could allow an attacker to bypass authentication. If you don’t expose the System Management Portal to the internet you’re OK. But if you do, the latest RPM script has to be installed. Note that unsupported versions of Sentry cannot be patched.

Attention administrators who have VPNs from Cisco Systems to protect network access: There are reports that attackers deploying the Akira strain of ransomware are targeting users of Cisco VPNs who haven’t enabled multifactor authentication for extra login protection. An incident responder told Bleeping Computer they investigated several attacks at organizations that were hit this way. A security vendor has also seen similar evidence. IT administrators who use any brand of VPN should ensure all users enable multifactor authentication for extra protection because VPNs are increasingly being targeted by threat actors.

Mischief-makers believed to be tied to Russia spread misinformation on social media to influence conversations around last month’s NATO conference in Lithuania. According to the news site Graphika, that included distributing documents purportedly hacked from the Lithuanian government, and seeding false claims about NATO’s spending and involvement in French domestic affairs. It appears they had little effect.

Finally, security pros know that every device that has WiFi or Bluetooth capability is a risk both in the organization and at home. The latest example comes from university researchers in Italy and England who found vulnerabilities in TP-Link’s Tapo smart bulbs and app. The lesson: If your business doesn’t need a WiFi-controlled light bulb — or coffee maker, or pencil sharpener — don’t allow it unless you’re sure it meets cybersecurity standards such as encryption and the ability to get security updates. The same thing at home with WiFi bulbs, toothbrushes and toys.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

 

The post Cyber Security Today, August 23, 2023 – Public exposure doesn’t deter this attacker, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways