Cyber Security Today, May 10, 2024 – Patches for F5’s Next Central Manager released, Dell discovers data theft covering millions, and more


Patches for F5’s Next Central Manager are released, Dell discovers data theft covering millions of buyers, and more

Welcome to Cyber Security Today. It’s Friday, May 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.


F5 has patched two vulnerabilities in its BIG-IP Next Central Manager. These vulnerabilities can give attackers full administrative control over the management application. According to researchers at Eclypsium, who discovered the holes, exploitation would give an attacker the ability to create an account on any F5 BIG-IP Next device run by the platform. Network managers are urged to upgrade to the latest version of Next Central Manager. The BIG-IP Next line of products is the latest generation of F5 application delivery controllers.

Dell Technologies is notifying millions of customers that some of their personal information was stolen. According to SecurityWeek.com, the data copied includes buyers’ names, physical mailing addresses and information on products purchased. It does not include financial or payment information, email addresses or phone numbers, the company said.

Cloud gateway provider Zscaler says only an isolated IT test environment on a single server was affected by a recent cyber breach. Its customer, product and corporate IT environments were not affected, the company says. The statement came after a threat actor said it is selling access to an unnamed company.

Dozens of companies including BlackBerry, Cisco Systems, CrowdStrike, HP, Microsoft, Palo Alto Networks, Sophos and Trend Micro have signed a voluntary pledge to make their software and services secure by design. The pledge was created by the U.S. Cybersecurity and Infrastructure Security Agency. Signees promise to make good faith efforts to work towards seven goals. One is that within 12 months of signing the pledge the company can show it has measurably increased the use of multifactor authentication by users across its products — for example, by enabling MFA by default. Another goal is showing progress in reducing the number of default passwords in products. Other goals are showing a measurable reduction in the number of software vulnerabilities in products, showing a measurable increase in the installation of patches by customers and a measurable increase in the ability of customers to gather evidence of intrusions affecting their products.

Another American hospital chain has been hit by a cyber attack. Ascension, which has 140 hospitals in 19 states and the District of Columbia, said it detected unusual activity on certain IT systems from a cybersecurity event. As a result, access to some IT systems has been interrupted and some clinical operations have been affected. Wichita TV station KWCH says some operations had to be stopped at the Ascension hospital in the city.

Separately, the city of Wichita is still dealing with a cyber attack that forced the municipality to temporarily turn off its IT network. According to the news site The Record, the LockBit ransomware gang is taking credit for the attack, which has forced the police and fire departments to resort to using paper to create reports.

Western Canadian pharmacy and retail chain London Drugs has re-opened all of its 79 stores following a cybersecurity attack last month. However, it is still unable to fill new prescriptions. Company president Clint Mahlman said so far there is no evidence any customer databases were compromised.

The province of British Columbia is still investigating what it called “sophisticated cybersecurity incidents” it discovered on government IT networks. I emailed the premier’s office Thursday asking for comment. No response was received by the time this podcast was recorded Thursday afternoon. The Vancouver Sun says the incident was related to an order last week to all provincial employees to change their passwords.

Finally, Sunday is International Anti-Ransomware Day. Your organization has to fight ransomware — and other cyber attacks — every day, but this is a reminder to mount a thorough and vigorous cyber defence at your firm. That means having an inventory of all hardware and software assets so you can create a patching program. It means finding where critical data is stored everywhere in your organization — in databases, in employee inboxes, in cloud storage platforms like Dropbox and Amazon — so that data can be protected. It means making sure all employees have to use phishing-resistant multifactor authentication to log in. There’s lots of free advice from the Canadian Centre for Cyber Security, the U.S. Cybersecurity and Infrastructure Security Agency, and the Ransomware Task Force’s Blueprint for Ransomware Defense. There’s no excuse for not being able to limit the extent of a ransomware attack.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
