Cyber Security Today, Week in Review for Friday, February 17, 2023

/in


Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

In a few minutes David Shipley of New Brunswick’s Beauceron Security will be here to discuss some recent cybersecurity news. One is that Canadian government and hospital leaders got a shellacking on a webinar for not putting enough funds into healthcare cybersecurity. David will have thoughts on that.

We’ll also talk about the compromise of the GoAnywhere MFT managed file transfer service, whether cyber threat intelligence is used well and why corporate managers and IT security staff don’t communicate better. But first a look back at some of the headlines from the past seven days:

A variant of the Mirai botnet is being used to infect a number of internet-connected devices with old and unpatched vulnerabilities. These include Atlassian’s Confluence collaboration suite, the FreePBX telephony management suite, the Mitel AWC audio conferencing platform, the DrayTek Vigor router, surveillance cameras and more. According to researchers at Palo Alto Networks, infected devices create a new botnet for spreading malware or to launch denial of service attacks. These device are being compromised by brute force credential attacks. IT administrators of any device that connects to the internet must make sure they have secure passwords.

Attackers are still exploiting unpatched versions of Windows Exchange. According to researchers at Morphisec the latest campaign installs cryptomining software on computers. By stealing computing power attackers get to mine for cryptocurrency faster — and slow computers from doing company business. IT departments that for some reason haven’t installed two-year-old patches to close the Exchange vulnerabilities need to scan systems for compromise, then install the patches.

Atlassian is the latest company to be a victim of a successful cyber attack on an outside service provider. According to Cyberscoop, Atlassian initially acknowledged the theft of company data held by a service called Envoy. Envoy is used to co-ordinate…

Source…