Cyber Security Today, June 19, 2024 - How an attacker hid on an IT network for three years

Released Wednesday, 19th June 2024

Episode Transcript


0:00

Cybersecurity Today is brought to you by the generous support of our sponsor, Beauceron Security. You can get their 2024 State of Cyber Security Awareness report at beauceronsecurity.com, and there's a link you can follow in the show notes.

0:17

More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more. Welcome to Cyber Security Today. It's Wednesday, April 17th, 2024. I'm Howard Solomon.

0:37

A suspected China-based threat actor hid in an organization's on-premise IT network for about three years, in part by exploiting unpatched network appliances. That's according to researchers at Sygnia, who were called in to investigate the attack. They nicknamed the attacking group Velvet Ant. Its goal was espionage. One tactic was compromising two legacy F5 BIG-IP firewalls running an outdated version of the operating system that were exposed to the internet. The attacker used it for internal command and control. In fact, the gang exploited several entry points to get into the IT network and maintain persistence. This attacker was so adept that as soon as one foothold was discovered by defenders, the gang quickly shifted to another foothold. One of the organization's weaknesses: some of the IT systems weren't monitored. For example, some Windows servers weren't connected to the organization's endpoint detection and response software. Now, what I've given here is a short version of the report, but it shows the importance of establishing a resilient defense against sophisticated attackers. That means having continuous network and device monitoring, periodic and systemic threat hunting, stringent traffic controls, and system hardening. And in particular, perimeter firewalls should be configured to allow only necessary outbound connections. And that means internet-facing devices such as load balancers should be behind firewalls.

2:25

Broadcom has released security updates to VMware vCenter Server to close three vulnerabilities. Two of the holes have been rated as critical, so administrators should install the patches fast. Products affected include vCenter Server, which means vSphere and Cloud Foundation.

2:47

A health board in southwestern Scotland is notifying everyone in the region this week to assume their personal information that it held will likely be published by a ransomware gang. In the letter to tens of thousands of residents, the CEO of the Dumfries and Galloway Health District says the data published May 6th included x-rays, test results, and letters between healthcare professionals.

3:15

Still in the United Kingdom, cybersecurity researcher Jeremiah Fowler has discovered another company whose employees created an unprotected database open to the internet with personal information that anyone could have copied. The company is Total Fitness, a chain of health clubs across northern England and Wales. The database is largely of faces of club members, apparently for identification. However, Fowler says it also includes images of passports, credit cards, and utility bills. The risk is the identity of a person can be determined through AI and facial image searches across the internet.
