In Focus: Backdoor Malware Targeting SSH Keys

Information Security
A backdoor malware that targeted SSH keys, previously used by the most sophisticated and well-financed threat groups, has trickled down to ordinary cybercriminals, as this malware is now being sold to anyone with access to the dark web, a new report showed. “SSH keys can be potent weapons in the wrong hands,” Yana Blachman, threat intelligence specialist at Venafi, told Infosecurity. “But until recently, only the most sophisticated, well-financed hacking groups had this kind of capability. Now, we’re seeing a ‘trickle-down’ effect, where SSH capabilities are becoming commoditized.” What Is SSH? SSH, which stands for Secure Shell, is a protocol used to secure remote login from one computer to another. The SSH protocol is used for many applications across many platforms, including Linux,…
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Information Security, IT Support
Maastricht University, a government-funded institution in the Netherlands, recently admitted that it paid a ransomware attacker a ransom of 30 Bitcoin, valued at nearly 220,000 USD at the time of payment. The University, in a statement, said it fell victim to a ransomware attack on December 23, 2019. While the University’s IT infrastructure consists of 1,647 Linux and Windows servers and 7,307 workstations, the University said, the attacker only hit 267 Windows servers. The University added that backups of these servers were also affected. In ransomware attacks, attackers prevent legitimate users from accessing their computers or files through the process known as encryption. Attackers then demand a ransom from their victims in exchange for the decryption keys that would unlock the encrypted files.…
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Information Security
Microsoft recently admitted that its internal customer support database was inadvertently exposed to the public as a result of a misconfiguration of the security rules of Azure – the company’s own cloud service. According to Microsoft, a change or the misconfiguration of the security rules of Azure, which led to the public exposure of the company’s internal customer support database, was made on December 5, 2019. Microsoft said this misconfiguration was corrected on December 31, 2019. The company said that the vast majority of the exposed records were cleared of personal information as the company redacts personal information using automated tools. The company, however, said that some of the exposed records weren’t redacted, such as an email address…
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Information Security, IT Support
The recent ransomware attack on Travelex, considered the world's biggest foreign currency exchange company, highlights the importance of applying security patches in a timely manner. Travelex disclosed that on New Year’s Eve its corporate network was hit by the ransomware called “Sodinokibi”, also known as REvil ransomware. In a ransomware attack, legitimate users are prevented from accessing their computers or their data. The company said it immediately took all its systems offline to prevent the spread of REvil ransomware across the company’s network, forcing the company’s staff to resort to using pen and paper. The company’s ransomware attack disclosure came seven days after the attack. The group behind the REvil ransomware told the BBC that it gained access to Travelex’…
In Focus: Cloud Security in 2020

Information Security
In 2019, cloud computing really took off. Cloud security, however, took a backseat in 2019, leading to unprecedented cloud data breaches and data exposures. In 2020, it’s expected that cloud management will shift focus to security. What Is Cloud Computing? The cloud in the phrase “cloud computing” refers to the internet. Computing, meanwhile, refers to any activity that uses computers. In cloud computing, the computing activity is done over the internet instead of on the computer's hard drive. Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are the three types of cloud computing. SaaS is a cloud-based service which offers access to software or an application via an internet browser. An example of SaaS…
2019 Year-End Cyber Security Review; 2020 Prediction

Information Security
With only a few days left until 2020 arrives, LifeLabs disclosed that it paid ransom to cyber attackers to “retrieve” the personal information of its 15 million customers – affecting nearly half of the population in Canada. This data breach, the largest to date in this country, gives a glimpse of what the cyber security situation in 2019 looked like and what lies ahead in 2020. LifeLabs Data Breach President and CEO of LifeLabs Charles Brown, in a statement, said that personal information of approximately 15 million customers was illegally accessed on the company’s computer systems, with the vast majority of the affected customers from British Columbia and Ontario. Brown said that stolen personal information includes name, address, email, login, passwords, date of birth and health…
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
Ransomware attackers typically encrypt victims’ data and demand a ransom from victims in exchange for the decryption keys. To pressure victims into paying ransom, attackers have added a new tactic: publication of stolen data in the event victims fail to pay ransom. While ransomware attackers in the past threatened to leak victims’ stolen data online for failing to pay ransom, many didn’t follow through. Ransomware victims, as shown in their official statements, often do not view ransomware attacks as data breaches – a type of cyber-attack that steals data. Ransomware victims, rather, believe that ransomware attackers can’t access the content itself. This perception that ransomware attackers can’t access the content itself is thrown out of the window as recent ransomware trend…
Researchers Unearth New VPN Vulnerabilities

Information Security
Over the past few days, details about security vulnerabilities relating to virtual private networks (VPNs) have been disclosed by security researchers. Immersive Labs researcher and content engineer Alex Seymour recently disclosed that he found two security vulnerabilities, one referred to as CVE-2019-17387 and the other referred to as CVE-2019-17388, in Aviatrix VPN, an enterprise VPN used by organizations such as the National Aeronautics and Space Administration (NASA). CVE-2019-17387, in particular, allows an attacker to gain elevated privileges through arbitrary code execution on these operating systems: Windows, Linux and macOS. While Aviatrix uses certificates to validate legitimate VPN users, supposedly preventing unauthorized access, Immersive Labs said that a bit of digging reveals that the relevant private key and certificates can be retrieved inside the file…
Government of Nunavut Slowly Recovers from Ransomware Attack

Information Security, News
The Government of Nunavut in northern Canada is slowly recovering nearly two weeks after its computer systems were crippled by a ransomware attack. The ransomware attack on the Government of Nunavut showed that this type of cyber-attack isn’t going away and organizations need to be prepared to prevent and mitigate this attack. Last November 3, the Government of Nunavut disclosed that on November 2 of this year a “new and sophisticated type of ransomware” blocked government workers from accessing files on various servers and workstations. Ransomware is a type of malicious software (malware) that encrypts data, turning data into code, and demands a ransom payment from victims in exchange for the decryption keys that would unlock the encrypted data. As a result…
Microsoft Confirms BlueKeep Attacks, Calls Users to Patch to Prepare for More Damaging Attacks

Information Security, News
Microsoft recently confirmed the ongoing BlueKeep attacks and warned that future BlueKeep attacks will likely be more damaging as systems remain unpatched. What Is BlueKeep? On May 14, 2019, Microsoft released an out-of-the-schedule patch for the security vulnerability CVE-2019-0708, also known as BlueKeep. This security vulnerability affects older versions of Windows, specifically Windows 7, Windows Server 2008 and Windows Server 2008 R2. According to Microsoft, this security vulnerability, when left unpatched, is “wormable”, which means that any future malicious software (malware) that exploits this vulnerability could propagate from one vulnerable computer to another vulnerable computer in the same way that the WannaCry malware spread across the globe on May 12, 2017 – affecting hundreds of thousands…