Cyber Security Today, Nov. 18, 2022 – A warning about Amazon RDS snapshots, a new ransomware strain discovered, and more | IT World Canada News


A warning about Amazon RDS snapshots, a new ransomware strain discovered, and more.

Welcome to Cyber Security Today. It’s Friday, November 18th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for

Organizations using Amazon’s relational database-as-a-service — commonly known as RDS — are being warned that improperly secured snapshot backups can be a source of private data for hackers. The warning comes from researchers at Mitiga, who discovered a way to scan, clone and extract sensitive data from RDS snapshots. Administrators often store these snapshots in a separate database. But if that database is exposed to the internet or shared with someone, the snapshots could be copied by a hacker. Worse, the researchers said, with some work a hacker could figure out where the snapshot came from and threaten to release the data unless the organization pays them off. In doing their work the researchers found 2,783 snapshots around the world, 810 of which were publicly accessible. Mitiga says RDS administrators and users should take care to securely configure and encrypt these snapshots.
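One way to act on that advice, as an added example that is not part of the original podcast: the Python below flags snapshots that are public, shared with accounts outside an allowlist, or unencrypted. It assumes input shaped like the AWS RDS DescribeDBSnapshots and DescribeDBSnapshotAttributes responses; the snapshot names, account IDs and allowlist are constructed for illustration.

```python
# Added example (not from the podcast): offline audit of RDS snapshot exposure.
# Dicts mirror the shape of AWS RDS DescribeDBSnapshots and
# DescribeDBSnapshotAttributes responses. All values are constructed.
TRUSTED_ACCOUNTS = {"111111111111"}  # hypothetical allowlist of AWS account IDs

SAMPLE_SNAPSHOTS = [  # constructed sample data
    {"DBSnapshotIdentifier": "orders-2022-11-01", "Encrypted": False},
    {"DBSnapshotIdentifier": "hr-nightly", "Encrypted": True},
    {"DBSnapshotIdentifier": "billing-weekly", "Encrypted": True},
    {"DBSnapshotIdentifier": "legacy-dev", "Encrypted": False},
]
SAMPLE_ATTRIBUTES = [  # constructed sample data
    {"DBSnapshotIdentifier": "orders-2022-11-01", "DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": ["all"]}]},
    {"DBSnapshotIdentifier": "hr-nightly", "DBSnapshotAttributes": [
        {"AttributeName": "restore",
         "AttributeValues": ["111111111111", "222222222222"]}]},
    {"DBSnapshotIdentifier": "billing-weekly", "DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": []}]},
]

def audit_snapshots(snapshots, attribute_results, trusted=TRUSTED_ACCOUNTS):
    """Return {snapshot_id: [finding, ...]} for snapshots that need attention."""
    # Index who may restore each snapshot: the 'restore' attribute holds
    # account IDs, or the literal value 'all' when the snapshot is public.
    restore = {}
    for result in attribute_results:
        for attr in result.get("DBSnapshotAttributes", []):
            if attr.get("AttributeName") == "restore":
                restore[result["DBSnapshotIdentifier"]] = set(
                    attr.get("AttributeValues", []))
    findings = {}
    for snap in snapshots:
        sid = snap["DBSnapshotIdentifier"]
        shared_with = restore.get(sid, set())
        issues = []
        if "all" in shared_with:
            issues.append("PUBLIC")
        untrusted = sorted(shared_with - {"all"} - set(trusted))
        if untrusted:
            issues.append("SHARED_WITH_UNTRUSTED:" + ",".join(untrusted))
        if not snap.get("Encrypted", False):
            issues.append("UNENCRYPTED")
        if issues:
            findings[sid] = issues
    return findings

if __name__ == "__main__":
    print(audit_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_ATTRIBUTES))
```

In a live account the two input lists would come from the corresponding RDS API calls in each region; here they are embedded so the check runs offline.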

Just over a year ago IT and security leaders were warned to patch the Log4Shell vulnerability in applications using the log4j2 logging library. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned IT and security leaders to make sure all their systems are patched for this hole. They issued that alert after discovering suspected Iranian government-sponsored threat actors used that vulnerability last February to compromise a federal organization through an unpatched VMware Horizon server. The attackers used their access to get to the organization’s domain controller, compromised credentials and then implanted reverse proxies on several hosts to maintain persistence. The alert urges administrators with VMware Horizon that didn’t immediately install patches or workarounds to assume they’ve been compromised and take action.

Separately, the CISA issued a background paper on the tactics of the Hive ransomware gang. Security teams can use the information to look for indicators of compromise.

Meanwhile, researchers at BlackBerry have identified a new strain of ransomware they call ARCrypter. First seen hitting organizations in Chile and Colombia in August, BlackBerry says victims in Canada and China have uploaded samples with similar code to the VirusTotal scanner for examination. That suggests those behind this strain of ransomware are going after organizations around the world.

Hackers are still using old tricks to fool unsuspecting victims. One of them is an email or text that says something like, ‘We noticed an unusual login on your account. Please click here to secure the account.’ Clicking takes the victim to a fake website where they’re asked to log in to confirm or change their username and password. The goal is to steal those credentials. In a blog this week researchers at Armorblox said crooks recently tried to send a message like that to students at an unnamed educational institution. The message looked like it came from Instagram. If you get a message like this, ignore it. Legitimate companies don’t send messages this way. Instead they’ll tell you to go to the application’s login page the way you usually do to check or change a password.

Finally, if you use the Firefox browser make sure it’s running the latest version. An update was released this week that patches a number of vulnerabilities. You should be on version 107.

Later today the Week in Review edition of the podcast will be available. Guest David Shipley and I will discuss what organizations hit by a cyber attack should say publicly.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
