Warnings to Zimbra and Fortinet administrators, lessons from the hack of a US defence contractor and more.
Welcome to Cyber Security Today. It’s Monday, October 10th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
This is the Thanksgiving Holiday in Canada, so if you’re a Canadian and listening on Monday thanks for being here.
Linux and Unix administrators who oversee installations of the Zimbra Collaboration suite are being reminded again to address a serious vulnerability in the application’s antivirus scanner. Last week security researchers at Flashpoint and Rapid7 issued blogs on the need to address the hole. It was first reported in September. At that point Zimbra said administrators need to install a package called “pax” and then reboot the Zimbra server to blunt the vulnerability. This package is not installed by default by most Linux distributions including Red Hat, Oracle and CentOS. Administrators should note that the U.S. Cybersecurity and Infrastructure Security Agency also issued a recent warning to patch several other Zimbra vulnerabilities.
Network administrators with Fortinet firewalls and web proxies are being told to update the applications to the latest version. This is to plug a serious vulnerability. A confidential notice was sent to select Fortinet customers last week, according to a Twitter subscriber. The hole allows an authentication bypass in the FortiOS operating system and the FortiProxy secure web proxy.
Email servers are a prime target for hackers because they offer a rich vein of information about an organization’s employees, their work and data held in attachments and messages. From a hacked email system the attacker can try to get deeper into the organization’s network to steal data for sale or espionage. In a serious example of this, the U.S. Cybersecurity and Infrastructure Security Agency last week reported that several hackers got into the network of a defence contractor in 2021 through vulnerabilities in Microsoft Exchange. It isn’t clear from the report how they initially got in, or if the attackers worked together. But eventually at least one attacker was able to compromise an administrator account and work from there. Later an attacker exploited four vulnerabilities on the Exchange server. Again, the report isn’t clear if these were zero-day holes, but they were patched around the same time by Microsoft. Ultimately the attackers were in the victim company’s system for months — and undetected. Commentators at the SANS Institute note the report shows the importance of patching Exchange, as well as the need for constant network monitoring for suspicious activity.
The bridges between cryptocurrency exchanges continue to be plundered by hackers. The latest is Binance, which has admitted at least $100 million worth of tokens were lifted last week from the digital bridge between two Binance blockchains. Some users are reporting this on Reddit as the minting of new coins on the bridge, as opposed to a theft of individual coins. The cyber news service The Record notes this year alone nearly $2 billion in cryptocurrency was stolen in 13 cross-chain bridge attacks.
Last month I reported that the American video game publisher 2K Games admitted a threat actor had got into its help desk system through a partner company. Now it’s telling users who gave personal information to customer support that some of that data, including their email address, was copied by the hacker and is being sold. No passwords or financial information was compromised. But the hacker used their access to send customers emails that appeared to come from customer support with malicious links. Anyone who clicked on those links should reset their passwords.
Finally, law enforcement agencies in many countries are becoming more sensitive about the increasing number of ransomware attacks against local and regional government departments. However, agencies don’t always co-ordinate their work. A recent report from the Government Accountability Office says that’s happening in the United States. The report complains the help offered by the FBI, the Secret Service and the Cybersecurity and Infrastructure Security Agency to state, local, territorial and tribal governments lacks detailed procedures. There are lessons here as the RCMP in Canada sets up its National Cybercrime Co-ordination Centre and provincial governments look at helping municipalities, school boards and other non-governmental agencies.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.