Cyber Security Today, Dec. 15, 2023 – A botnet expands, threats to unpatched TeamCity servers, and more


A botnet expands, threats to unpatched TeamCity servers, and more.

Welcome to Cyber Security Today. It’s Friday, December 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


A botnet of compromised small and home office firewalls and routers continues to expand. Researchers at Lumen say those behind what it calls the KV-botnet most recently added internet-connected video cameras made by Axis and Netgear ProSafe firewalls. Lumen suspects the botnet is growing so it can be used for phishing campaigns during the holiday season. The researchers aren’t sure how devices are being infected. But they believe it’s run by a threat group dubbed Volt Typhoon or Bronze Silhouette by other researchers. It’s a state-sponsored group based in China that has been infiltrating critical infrastructure providers in the U.S. Often this botnet takes over out-of-date devices that can’t receive security patches anymore so they are ripe for picking. The report is a warning to IT and network leaders — as well as homeowners — to get rid of internet-connected equipment that isn’t supported anymore. At the very least make sure devices are regularly rebooted because that will flush some types of malware.

Unpatched servers hosting JetBrains’ TeamCity software are being exploited by Russian government hackers. That’s according to cyber authorities in the U.S., the U.K. and Poland. The Russian group, known as CozyBear, Nobelium or APT29 by security researchers, has been exploiting a vulnerability since September. Because TeamCity is used by software developers, a successful hacker gets access to source code and signing certificates that can be used to authenticate malware — everything needed for a supply chain attack. Companies using compromised and internet-available TeamCity servers have been found in the United States, Europe, Asia, and Australia. They include an energy trade association, internet hosting providers and more. Administrators of TeamCity who haven’t applied recent patches or workarounds should assume their servers have been compromised and take action.

Here’s another example of someone not configuring a database properly and leaving it open on the internet. It was discovered by security researcher Jeremiah Fowler and appears to belong to an American company that makes a cloud-based management suite for nonprofits. It has subscribing organizations around the world. Had someone found this particular database they would have been able to download over 460GB of data. Fowler saw a document from a hospital charity that named a child, their medical conditions and their doctor. This is another reminder that organizations have to make sure all employees handling the personal data of customers and employees know how to protect data from exposure. In addition, IT leaders have to constantly watch data stores created by employees for security breaches.

On a November podcast I told you that personal information of staff working at the Idaho National Laboratory, a federal nuclear energy research facility, had been stolen. The number of victims has now been released: It’s just over 45,000 current and former employees, their spouses and dependents. The notice to victims says the data was stolen from an off-site data centre and not the lab’s IT system.

Finally, users of the Discord voice, video and chat app can now use security key-based multifactor authentication to protect their accounts from being hacked. That means they can use Windows Hello, Apple Face ID, Touch ID or physical security keys for logging in to Discord.

That’s it for this podcast. However, later today the Week in Review edition will be available. Guest Terry Cutler of Cyology Labs will join me to discuss a report on the readiness of the U.K. to face malware, why applications with old versions of Log4j are still being compromised and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 15, 2023 – A botnet expands, threats to unpatched TeamCity servers, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
