Cyber Security Today, Week in Review for week ending Friday, June 14, 2024


Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, June 14th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for


In a few minutes I’ll be joined by Terry Cutler, CEO of Cyology Labs, to discuss some of the week’s top news. This includes Microsoft and Google’s offer to help U.S. rural hospitals tighten their cybersecurity, a report on top network vulnerabilities found by penetration testers and the latest news on hacks of Snowflake customers.

But before we get to the discussion, here’s a quick look at other headlines from the past seven days:

Canadian police arrested three people and are searching for another for their alleged involvement in defrauding customers of the Desjardins credit union. That followed the theft of data of 9.7 million customers in 2018. Laval, Quebec police said a group used the stolen data to access customer bank accounts and defraud depositors of over CDN$8.9 million. Federal and Quebec privacy commissioners did a joint investigation and concluded unnamed bank marketing department employees had stolen data for at least 26 months. The commissioners concluded Desjardins’ data protection measures were inadequate and violated federal data privacy law. Police this week didn’t explain how the accused people obtained the stolen data. They are not charged with stealing the data.

UPDATE: After this podcast was recorded, Quebec provincial police announced the arrest of five people, including a man who allegedly worked in Desjardins' marketing department. Arrest warrants were also issued for three other people who are at large.

Police in Ukraine arrested a man who allegedly worked for the Conti and LockBit ransomware gangs creating code that masked the deployment of the malware.

Municipal services at city hall in Cleveland, Ohio remained closed today following a cyber attack earlier in the week. The city is still trying to restore access to its IT systems.

The Toronto District School Board says its IT test environment was recently hit by ransomware. That begs the question, is your test system open to the internet?

My Daily Choice, an American online marketplace, is notifying over 89,000 people that some of their personal information was stolen in February from a hosted environment where it stores data.

First American Financial, which provides title insurance and other services for the real estate sector, is notifying over 41,000 people their names and driver’s licence numbers were stolen last December.

Meanwhile a U.S. insurance group, Progressive Corporation, is notifying some customers that their personal information was stolen by an employee who used another person’s identity to beat the company’s background checks and get a job. During the employee’s six months of work handling customer calls they had access to personal information.

Fortinet released security updates this week for devices that run its FortiOS operating system. They fix multiple stack-based buffer overflow vulnerabilities.

And Google released 50 security updates for its Pixel smartphones. Seven deal with critical vulnerabilities. One of the vulnerabilities rated high may already be exploited. Patches for Pixel phones should automatically be installed, but it doesn’t hurt to check if you’re up to date.

(The following is an edited transcript of the first of the three topics discussed. To get the full conversation, play the podcast.)

Howard: Let’s start with a report from a company called Vonahi Security, which makes an automated software-as-a-service penetration testing platform. Full disclosure: Terry’s company resells Vonahi services. After looking at penetration test results from 1,200 customers, Vonahi compiled a list of the most common internal network vulnerabilities that could allow an attacker to take advantage of an IT network. On the list were three you might expect: outdated Microsoft Windows systems, Windows servers that weren’t patched for old vulnerabilities, and systems within an organization that had the same administrator passwords. We’ll get to those in a minute, because they weren’t the most common holes. The most common hole was leaving systems open to multicast DNS spoofing. Terry, what is mDNS?

Terry Cutler: It’s a protocol within a small network that allows devices to find each other. Think of mDNS like a small local phone book, like the Yellow Pages. Every device has its own phone book that it carries around. When you need a phone number, in this case it’s going to be an IP address, you’re first going to check your local book to see if it’s there. If not, it’s going to go and check a central DNS server, which is like your main master phone book. But then after that, if you can’t find it there either, you’re going to yell out to all your neighbors, ‘Hey, who here has this network for this name?’ The problem is that any network, or any neighbor, or if this is also a device that knows a number can respond. This openness allows anybody to answer, including imposters, which will be the spoofing element.

Howard: What’s the danger?

Terry: A couple of things: Because mDNS is susceptible to spoofing attacks, any device on a network can respond to an mDNS query. So obviously, if you have a malicious attacker that’s on the network, he can intercept these queries and respond to the IP address of the device. It allows the attacker to get in the middle and start capturing passwords, credentials — and using modern computing power, it can crack these codes.

We see this often with FTP services: We see clear text going through. So you better start switching from FTP to SFTP for better security.

Howard: How can this hole be plugged?

Terry: If you’re not using mDNS disable it. But you better have good network monitoring in place that’s monitoring the network to see if anybody else is broadcasting these services so they can actually clean up the environment.

(To get the full conversation play the podcast)
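The network monitoring Terry recommends above, as an added example that is not from the podcast, from Cyology Labs or from Vonahi: a small Python detector that parses the answer section of mDNS responses (ordinary DNS wire format over UDP 5353, per RFC 6762) and flags any name that is answered with different addresses by different source hosts, which is the visible symptom of a second device answering for a name it does not own. The host names, addresses and the sample capture are constructed for illustration; in practice the observations would come from a packet capture of UDP port 5353 on the segment being monitored.

```python
"""
Detector for conflicting multicast DNS (mDNS) answers on a LAN segment.

mDNS uses the DNS wire format over UDP port 5353 to 224.0.0.251. Any host
may answer a query, so a spoofer simply answers for a name it does not own.
One observable symptom is the same name being answered with different
addresses by different source hosts; this module reports such conflicts.
"""
import struct
from collections import defaultdict

MDNS_PORT = 5353
TYPE_A = 1
CLASS_IN = 1


def _read_name(packet: bytes, offset: int):
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset_after_name)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = packet[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels).lower(), end


def parse_mdns_a_answers(packet: bytes):
    """Return [(name, ipv4), ...] for every A record in the answer section of a response."""
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", packet[:12])
    if not flags & 0x8000:
        return []  # QR bit clear: a query, not a response
    offset = 12
    for _ in range(qdcount):  # skip the question section
        _, offset = _read_name(packet, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(packet, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlength]
        offset += rdlength
        # mDNS uses the top bit of the class field as the cache-flush flag; mask it off
        if rtype == TYPE_A and (rclass & 0x7FFF) == CLASS_IN and rdlength == 4:
            answers.append((name, ".".join(str(b) for b in rdata)))
    return answers


def find_conflicting_answers(observations):
    """observations: iterable of (source_ip, packet_bytes).
    Returns {name: {address: [source_ips]}} for names answered with more than one address."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, pkt in observations:
        for name, addr in parse_mdns_a_answers(pkt):
            seen[name][addr].add(src)
    return {name: {addr: sorted(srcs) for addr, srcs in addrs.items()}
            for name, addrs in seen.items() if len(addrs) > 1}


def build_mdns_response(name: str, ipv4: str, cache_flush: bool = True) -> bytes:
    """Build a minimal mDNS A-record response; used here only to construct sample traffic."""
    header = struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0)  # response + authoritative, one answer
    encoded = b"".join(struct.pack("!B", len(label)) + label.encode()
                       for label in name.split(".")) + b"\x00"
    rclass = CLASS_IN | (0x8000 if cache_flush else 0)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return header + encoded + struct.pack("!HHIH", TYPE_A, rclass, 120, 4) + rdata


# Constructed sample capture (hypothetical hosts): the printer answers for its own
# name, and a second host answers the same name with a different address.
SAMPLE_CAPTURE = [
    ("192.168.1.20", build_mdns_response("printer.local", "192.168.1.20")),
    ("192.168.1.20", build_mdns_response("printer.local", "192.168.1.20")),
    ("192.168.1.77", build_mdns_response("printer.local", "192.168.1.77")),
    ("192.168.1.30", build_mdns_response("nas.local", "192.168.1.30")),
]

if __name__ == "__main__":
    for conflicted_name, addrs in find_conflicting_answers(SAMPLE_CAPTURE).items():
        print(f"conflict for {conflicted_name}: {addrs}")
```

A conflict report is a lead, not proof: a host whose address legitimately changed will also appear with two addresses for a short time, so the useful follow-up is to correlate the second source IP with the switch port or DHCP lease it came from. On segments where mDNS is not needed, the cleaner fix is the one Terry gives: disable it on the hosts and filter UDP 5353 at the switch.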

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

