Sunday, September 25, 2022
Home Tech News Cyber Security Today, Nov. 12, 2021 – Ransomware training from Ryerson, Aruba...

Cyber Security Today, Nov. 12, 2021 – Ransomware training from Ryerson, Aruba Central compromised, new botnet is discovered and more

Ransomware training from Ryerson, Aruba Central is compromised, a new botnet is discovered and more.

Welcome to Cyber Security Today. It’s Friday, November 12th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Is your firm having trouble with its ransomware strategy? Ryerson University’s Cybersecure Catalyst is offering virtual and in-person training for IT leaders and senior managers of Canadian organizations. The fee-based workshop for business leaders has four 90-minute sessions to help managers assess their incident response capabilities. For IT teams there’s a half-day simulated ransomware attack to test their incident response skills. Here’s a link to the details.

Another network monitoring platform has been compromised. HPE is warning network administrators that use its cloud-based Aruba Central network monitoring service that an attacker was able to get hold of a data access key last month. Accessed was data on some Wi-Fi network behaviour, performance and location information on most customers going back to September 10th. This is data HPE collects for analytics. The data also includes device MAC and IP addresses, both of which could identify a user.. So far HPE believes a “very small amount” if any data was copied.

A new botnet is targeting routers and IoT devices to distribute malware. Researchers at AT&T call iBotenaGo, in part because it’s written in the Go programming language. Currently it comes ready to exploit more than 30 unpatched vulnerabilities in devices from manufacturers including D-Link, Netgear, Linksys, Comtrend, ZyXEL and others. Then it can burrow deeper into infected systems. Businesses and individuals alike can stop attacks like this by making sure all software and hardware have the latest security patches. If your routers and other hardware are old and the manufacturer doesn’t offer patches anymore they have to be replaced.

Attention IT administrators: If your firm uses VMWare’s vCenter Server or Cloud Foundation note the advisory that VMware put out yesterday. There’s a privilege escalation vulnerability that has to be addressed. So far only a workaround is available.

Attention WordPress administrators: If you use the Pro version of the WP Reset plugin make sure you’re running the latest version. Researchers at PatchStack discovered a vulnerability that could allow an authenticated user to wipe an entire WordPress database. In addition the attacker could upload a malicious plugin or backdoor in a new WordPress installation that follows the deletion of the database.

And users of Apple’s iCloud for Windows version 13 should note there’s a new security update available to close a serious hole.

Open-source software development teams that use Google’s OSS-Fuzz program to uncover security coding errors have a new aid. It’s called ClusterFuzzLite, and it’s also from Google. It works with OSS-Fuzz to catch regression bugs early in the development process. For those who don’t know, fuzz testing — or fuzzing — inserts random data into an application to see if the software crashes or does dangerous things. Developers using the GitHub platform can integrate ClusterFuzzLite into their workflow. And it’s free.

Finally, later today the Week in Review edition will be out. A guest commentator and I will talk about protecting against lateral movement in cyberattacks, preventing customer support employees from being fooled and zero-day threats.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

- Advertisment -

Most Popular

‘Be an ally’: Black public servants facing ‘trauma’ amid class action, says organizer

One of the organizers behind the class action lawsuit filed against the federal government by Black public servants says he wants Canadians learning about...

Apple Pay Later is reportedly facing ‘technical and engineering’ issues

/ Apple’s take on a buy now, pay later service may not arrive until next year Illustration by Alex Castro / The...

‘We saw what happened in Ontario’: Quebecers urged to vote in provincial election

MONTREAL — An incumbent premier and his party sail through an election campaign as a fragmented opposition vies to capture the attention of voters...

Acer Predator Triton 500 SE review: I expected more

/ The Triton 500 SE is an expensive gaming laptop that doesn’t flex its hardware enoughThe Acer Predator Triton 500 SE offers high-end...