An old US no-fly list found on an unprotected airline server, an ad fraud scheme is disabled and more.
Welcome to Cyber Security Today. It’s Monday, January 23rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A four-year-old list of thousands of people on the U.S. government’s no-fly list at the time has been discovered on an unsecured server on the internet. The server belongs to the U.S. airline CommuteAir. Governments around the world have no-fly lists of suspect people, lists that have personal information. Not only did a security researcher find the no-fly list, they also found information on almost 1,000 CommuteAir employees. The airline told the Daily Dot news site the data was on a development server used for application testing. A couple of lessons from this: First, IT administrators need to secure all servers, including those used for testing. This is especially vital for a test server connected to the internet. Second, management needs to think about data retention policies. Was there a need for the airline to have a four-year-old no-fly list? If so, the data on this sensitive list should have been altered with fake names and addresses just in case, you know, it gets stolen.
An online advertising fraud scheme that spoofed 1,700 apps has been disrupted by threat researchers. At its peak the scheme, which has been dubbed Vastflux, generated 12 billion ad bid requests a day from 11 million infected devices. The infection installed secret video players on smartphones that invisibly played ads to get revenue for crooks for allegedly being seen by viewers. There are ad verification tags to prevent this kind of fraud. However, this scheme had a way of evading that. For now the scheme has been stopped. However, the researchers at Human Security suspect the crooks behind it may adapt. Their advice: Mobile app developers should build with the Open Measurement Software Development Kit to prevent their app from being hijacked. And ad platforms should enforce standards to identify who is allowed to sell ad inventory and reveal seller identities.
Hackers are now using Microsoft OneNote attachments in phishing emails to spread malware. The Bleeping Computer news site found a recent example in an email message pretending to be from the DHL courier service. The message asks the recipient to confirm the attached shipping document for accuracy by clicking on the attachment. That launches the malware. Using OneNote gets around defences built into Office. However, a warning message will pop up that opening the attachment could hurt the computer. Employees have to be reminded to pay attention to the warning.
A week ago on a podcast I reported that Cisco Systems had discovered a vulnerability in some end-of-life models of its small business RV-series routers. The point of the story was that Cisco wouldn’t be issuing patches because these models are no longer supported. How many of these routers are still being used? According to a blog last week by researchers at Censys, 20,000 devices connected to the internet are potentially vulnerable. Of those almost 4,600 are in the U.S., and almost 1,750 are in Canada. Network administrators should check if they are still using these devices. If so, remote management access should be disabled while you are looking for replacement routers.
Pressure continues to fall on the China-based video-sharing platform TikTok. It’s been banned on government-issued devices in 22 American states and across the U.S. federal government. According to the Associated Press, the latest squeeze comes from the European Union, which last week reminded TikTok’s CEO that the platform will have to comply with the upcoming EU Digital Services Act. That act, which comes into force in September, obliges big online companies to reduce harmful content uploaded by users.
Finally, IT administrators overseeing installations of OpenText Extended ECM should install the latest version of the content manager. It closes multiple serious vulnerabilities found by researchers at SEC Consult. You should be running version 22.4 or install hotfixes.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find my stories on TechNewsDay.com. Thanks for listening. I’m Howard Solomon.