Cyber Security Today, Nov. 24, 2023 – A warning to tighten security on Kubernetes containers, and more

Share post:

A warning to tighten security on Kubernetes containers, and more.

Welcome to Cyber Security Today. It’s Friday, November 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Organizations aren’t taking enough care to protect sensitive data held in Kubernetes containers. Researchers at Aqua Security Software say hundreds of organizations and open-source projects they discovered online allow access to secrets like passwords and digital tokens. These include commercial firms and blockchain companies. The problem is employees creating Kubernetes containers may upload them to publicly available online repositories — like GitHub — where they may be hacked. Corporate data, personal data and even source code could be at risk. The solution: Train staff allowed to create Kubernetes containers in proper cybersecurity procedures, including how to encrypt data and the use of a secrets management tool.

The Kansas Supreme Court says an attacker is threatening to release data stolen last month from its IT systems. The documents include administration files, court case records on appeal and some confidential data. Lawyers are still unable to file documents electronically because of the cyber attack.

A North Korean threat group is believed to be behind the compromise of software made by a Taiwan multimedia application firm called CyberLink. Researchers at Microsoft say a CyberLink application installer was modified to download malware. It can fool defences because the digital file is signed for authentication with a valid digital certificate issued to CyberLink. That certificate has now been flagged as bad. CyberLink makes applications such as the PowerDVD multimedia player and the Director Suite 365 video/photo editor. Over 100 devices have been impacted in the U.S., Canada, Japan and Taiwan.

In another small victory for law enforcement, the U.S. Justice Department has seized nearly US$9 million in Tether cryptocurrency from crooks who ran romance and cryptocurrency scams. Victims were convinced to make crypto deposits by pretending they were investing in trusted firms.

Charities aren’t immune to cyber attacks. Just over 35,000 people involved with Big Brothers Big Sisters of America are being notified their personal information was stolen in a cyber attack last March. This not-for-profit organization finds adults to mentor at-risk boys and girls. Data stolen includes names, Social Security numbers, dates of birth, drivers licence numbers, payment card numbers medical and health insurance information.

Just over 30,000 current and former employees of an Arizona county school district are being notified of a data breach. Pinal County Superintendent’s Office said stolen information including names, Social Security numbers and bank account numbers of staff and their dependents may have been stolen in the September cyber incident. According to a news report, the attack was ransomware.

Finally, those of you running Mac laptop and desktop computers should be wary of fake Safari or Chrome browser update requests suddenly appearing on your screens. According to researchers at Malwarebytes, if you download the so-called update it infects computers with a piece of malware called ClearFake. It steals information like passwords. Until this week ClearFake was being distributed through malicious ads. Now the creators are also using infected websites that make a message appear on screens saying you need to update your browser. Anyone getting a request like that — either on their mac, Windows, Android or Apple smartphone device — should resist the urge to click on the ‘Update’ button. Only update any software through the approved home site of the app manufacturer.

Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss Australia’s decision not to make ransomware payments illegal.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 24, 2023 – A warning to tighten security on Kubernetes containers, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Hashtag Trending Feb.27- Will AI enable a four-day week?; SpaceX under scrutiny for allegedly blocking satellite internet services in Taiwan; How much does it...

Prelude: Just a note out there. We’ve been having problems with some of our podcasts. Our hosting partner Libsyn says they are working on this. We hope it’s not inconveniencing you. But we’ll push to get this fixed.  If you are having issues, please write me at jlove@itwc.ca  Any data we can gather will be

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways