Patches for F5’s Next Central Manager are released, Dell discovers data theft covering millions of buyers, and more
Welcome to Cyber Security Today. It’s Friday, May 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.
F5 has patched two vulnerabilities in its BIG-IP Next Central Manager. These vulnerabilities can give attackers full administrative control over the management application. According to researchers at Eclypsium, who discovered the holes, exploitation would give an attacker the ability to create an account on any F5 BIG-IP Next device run by the platform. Network managers are urged to upgrade to the latest version of Next Central Manager. The BIG-IP Next line of products is the latest generation of F5 application delivery controllers.
Dell Technologies is notifying millions of customers that some of their personal information was stolen. According to SecurityWeek.com, the data copied includes buyers’ names, physical mailing addresses and information on products purchased. It does not include financial or payment information, email addresses or phone numbers, the company said.
Cloud gateway provider Zscaler says only an isolated IT test environment on a single server was affected by a recent cyber breach. Neither its customer, product nor corporate IT environments were affected, the company says. The statement came after a threat actor said it is selling access to an unnamed company.
Dozens of companies including BlackBerry, Cisco Systems, CrowdStrike, HP, Microsoft, Palo Alto Networks, Sophos and Trend Micro have signed a voluntary pledge to make their software and services secure by design. The pledge was created by the U.S. Cybersecurity and Infrastructure Security Agency. Signees promise to make good faith efforts to work towards seven goals. One is that within 12 months of signing the pledge the company can show it has measurably increased the use of multifactor authentication by users across its products — for example, by enabling MFA by default. Another goal is showing progress in reducing the number of default passwords in products. Other goals are showing a measurable reduction in the number of software vulnerabilities in products, showing a measurable increase in the installation of patches by customers and a measurable increase in the ability of customers to gather evidence of intrusions affecting their products.
Another American hospital chain has been hit by a cyber attack. Ascension, which has 140 hospitals in 19 states and the District of Columbia, said it detected unusual activity on certain IT systems from a cybersecurity event. As a result access to some IT systems has been interrupted and some clinical operations have been affected. Wichita TV station KWCH says some operations had to be stopped at the Ascension hospital in the city.
Separately, the city of Wichita is still dealing with a cyber attack that forced the municipality to temporarily turn off its IT network. According to the news site The Record, the LockBit ransomware gang is taking credit for the attack, which has forced the police and fire departments to resort to using paper to create reports.
Western Canadian pharmacy and retail chain London Drugs has re-opened all of its 79 stores following a cybersecurity attack last month. However, it is still unable to fill new prescriptions. Company president Clint Mahlman said so far there is no evidence any customer databases were compromised.
The province of British Columbia is still investigating what it called “sophisticated cybersecurity incidents” it discovered on government IT networks. I emailed the premier’s office Thursday asking for comment. No response was received by the time this podcast was recorded Thursday afternoon. The Vancouver Sun says the incident was related to an order last week to all provincial employees to change their passwords.
Finally, Sunday is International Anti-Ransomware Day. Your organization has to fight ransomware — and other cyber attacks — every day, but this is a reminder to mount a thorough and vigorous cyber defence at your firm. That means having an inventory of all hardware and software assets so you can create a patching program. It means finding where critical data is stored everywhere in your organization — in databases, in employee inboxes, in cloud storage platforms like Dropbox and Amazon — so that data can be protected. It means making sure all employees have to use phishing-resistant multifactor authentication to log in. There’s lots of free advice from the Canadian Centre for Cyber Security, the U.S. Cybersecurity and Infrastructure Security Agency, and the Ransomware Task Force’s Blueprint for Ransomware Defense. There’s no excuse for not being able to limit the extent of a ransomware attack.
Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.