Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more


Warnings to GitHub users and Ivanti gateway administrators, and more.

Welcome to Cyber Security Today. It’s Friday, March 1st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


Developers who download code from the open-source GitHub repository always have to be careful they don’t get tricked by malicious packages. This is more vital than ever because since November a threat actor has been running an automated campaign of uploading bad code into the repository. They hope this code will find its way into commercial or open-source applications, compromising millions of computers. According to researchers at Apiiro, over 100,000 infected packages have recently been poured into GitHub. The threat actor behind this campaign clones existing packages, infects them and then re-uploads them to GitHub. Then these bad packages are promoted to unsuspecting developers in forums. The packages collect login credentials of developers and anyone who uses an application the developer put the bad code in. An estimated 99 per cent of bad packages have been removed by GitHub. But that still leaves thousands on the platform. And the campaign continues.

I’ve reported previously about the need for administrators of Ivanti Connect Secure and Policy Secure gateways to reset and patch those devices. Well, that isn’t enough. Cybersecurity agencies of the Five Eyes intelligence-sharing countries warned Thursday that threat actors can get around mitigations. In particular, they can deceive Ivanti’s Integrity Checker Tool to continue compromising these devices through three vulnerabilities. Administrators should consider dropping these devices, the agencies say.

After years of company reminders and media reports about following safe cybersecurity practices, some people still don’t get it. That’s a takeaway from a phishing report this week by Proofpoint. The company’s annual State-of-the-Phish report includes a survey of over 7,000 working adults in 15 countries. About a quarter admit they do risky things like use a work device for personal activities, reuse or share passwords and connect without using a VPN in a public place like a mall or airport. Some of these activities could be legitimate — there’s nothing wrong with sharing a password with a family member so they can access your personal email in an emergency. Or using an office computer to go to a website if it’s OK with management, like sites about your hobbies or to research a vacation. But the numbers suggest that some people do risky things because the security message isn’t getting through. A quarter of the respondents said they took risky action to meet an urgent deadline. Others did it to save time or money. Eleven per cent said they did it to meet a revenue target; 10 per cent did it to meet a performance objective. Here’s another factoid from the report: While 99 per cent of security pros surveyed said their organization has a security awareness program, only slightly more than half say they train everyone in the organization.

Speaking of phishing, Pepco Group, a European discount retailer, has acknowledged its division in Hungary recently lost the equivalent of US$16 million. How? Staff fell for a phishing lure.

Finally, a Malwarebytes researcher stumbled across a crook running an apartment reservation scam while trying to book a vacation in Amsterdam on Airbnb. The person who posted the apartment asked him to switch to communicating by email because Airbnb’s platform was allegedly having some problems. If interested, the owner said, they would send the traveler a link to Tripadvisor to complete the reservation. Well, the link went to a fake Tripadvisor website. The goal of this scam: To get an unsuspecting victim to click on a booking button on the fake Tripadvisor site and enter credit or debit card details. Two lessons: If someone asks you to switch communicating from one site to a different one or email when making any kind of purchase, be suspicious. And when you buy anything, do it on a full-screen computer or laptop, not a smartphone, so you can see the full email address of who you’re dealing with or the full website address of where you’re going.

That’s it for now. But later today the Week in Review podcast will be out. Guest Terry Cutler of Cyology Labs will join me to discuss how hard it is for law enforcement to put ransomware gangs out of business and Canada’s proposed law to make social media platforms take down child porn images fast.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

The post Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
