Cyber Security Today, April 25, 2022 – Report shows how the Lapsus$ gang succeeded and patches for Atlassian, Java and Amazon software are released
Report shows how Lapsus$ gang succeeded, and patches for Atlassian, Java and Amazon software are released
Welcome to Cyber Security Today. Today is Monday, April 25, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Cybersecurity pros are in turmoil over news that the Lapsus$ extortion gang was able to hack into the systems of US wireless carrier T-Mobile last month. Security reporter Brian Krebs made the discovery after reading the gang’s conversations on the Telegram messaging service. These were communications made shortly before the arrests of a number of gang members in Britain. Two of them now face criminal charges. Most news sites focused on T-Mobile’s admission that it was hacked. The carrier pointed out that no customer data was accessed.
What I found most interesting about Krebs’ story was how gang members were able to get into T-Mobile, Microsoft, Samsung, Nvidia and other big companies: either by buying credentials with access to computer systems on criminal websites, or by convincing company support staff to reassign an employee’s mobile number, a tactic called SIM card swapping, so they could bypass two-factor authentication. As I have said before, good two-factor or multi-factor authentication prevents many attacks. But getting it right means training support staff not to fall for sob stories from a stranger on the phone or by text message about needing to change or add phone numbers to accounts. It also means smartphone users must have a PIN on their accounts that an attacker would have to know to make changes to a user’s account.
What happens when internal procedures are done well? Attackers are blocked. According to Krebs’ story, that’s what happened at a Florida customer support outsourcing company called Iqor. Lapsus$ spent days trying to convince employees to remove multi-factor authentication on accounts for which the gang had the username and password. Iqor employees wouldn’t fall into any traps.
Atlassian released security updates for its project management applications Jira and Jira Service Management. These updates resolve a critical vulnerability that, in certain configurations, could allow an attacker to bypass authentication controls. Updates should be installed as soon as possible.
Sometimes patches need patches. The latest example comes from Amazon, which in December released a hotpatch for both versions of Amazon Linux systems running Java virtual machines to fix critical vulnerabilities in the log4j2 library. However, this fix created its own issues. Amazon has therefore released a new version of the hotpatch. It also released a new version of the utility called Hotdog, which is used to inject the log4j2 hotpatch into containers. Customers using the Amazon Bottlerocket OS to run containers should also update it.
There is another Java-related problem that IT administrators urgently need to pay attention to. If your environment uses applications with Java 17 and 18, they must be updated. Oracle has already released a critical April patch update for its applications. The problem lies in an algorithm used to sign digital documents in features such as multi-factor authentication. A vulnerability could allow an attacker to forge an SSL certificate to bypass a security check. The vulnerability could also affect Java versions 15 and 16, but these are no longer supported and should therefore no longer be used.
That’s all for the moment. Remember that links to podcast story details are in the text version on ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.