Cyber Security Today, Week in Review for Friday, February 10, 2023


Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

In a few minutes Terry Cutler of Montreal’s Cyology Labs will be here to discuss recent news. But first a look back at some of the headlines from the past seven days:

A security researcher discovered several vulnerabilities in Toyota’s supplier website that gave access to … everything. Terry and I will talk about how this happened.

We’ll delve into the rush to protect servers running unpatched and outdated versions of VMware’s ESXi hypervisor from ransomware, and ask why companies are running old applications.

Lists of some 20 million customers who used two U.S. companies for background checks of employers and individuals are being peddled by crooks. Terry and I will have something to say about that.

And we’ll look at a suggestion the Canadian government offer tax breaks to encourage small businesses to spend more on cybersecurity.

In other news, IT administrators whose firms use open-source and free versions of certain document management systems were warned of vulnerabilities. Researchers at Rapid7 say the problems are in on-premise versions of OnlyOffice Workspace, OpenKM, LogicalDOC and Mayan EDMS. At the time of the recording of this podcast the vendors hadn’t patched the holes. So administrators have to take precautions, some of which are outlined in the Rapid7 report.

The U.S. and the United Kingdom have sanctioned seven people who they say are members of the Trickbot cybercrime group. The Trickbot malware is widely distributed through botnets and email campaigns. Sometimes it’s also used to help deploy ransomware. The U.S. says current members of the gang are associated with Russia’s intelligence service. The sanctions mean the seven can’t access any assets they have in the U.S.

A British member of Parliament says he fell for a phishing scam. Stewart McDonald admitted he opened a message sent to his personal email account with a supposed military update on Ukraine. Clicking on the document opened a form where he filled in…
