The newest information on Home windows patches, a warning to medical IT directors, a Mitel VoIP vulnerability being exploited and extra.
Welcome to Cyber Safety Immediately. It is Wednesday, September 14th, 2022. I am Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Yesterday was Patch Tuesday, the day Microsoft and Adobe launched safety updates for Home windows and different merchandise. IT directors ought to word one patch fixes an escalation of privilege vulnerability that may very well be leveraged by an attacker that already has entry to a server. The vulnerability would permit them to get system privileges. Pattern Micro’s Zero Day Initiative says that of the 64 new vulnerabilities patched, 5 are rated crucial and 57 are rated as essential.
Your private laptop needs to be set to obtain updates mechanically, but it surely does not damage to test by going to the Home windows Replace part of your PC.
IT safety leaders are more and more chopping the variety of distributors they purchase merchandise from. In response to Gartner, three-quarters of organizations it lately surveyed stated they’ve a method of safety vendor consolidation. Fifty-seven per cent of respondents stated their organizations are working with fewer than 10 distributors for his or her safety wants. Why the seller consolidation? As a result of safety leaders aren’t pleased with operational inefficiencies and the shortage of product integration, says Gartner.
Unpatched Web-connected medical units operating on outdated software program are more and more being exploited by risk actors. That is in accordance with the FBI. This week it warned affected person security and the confidentiality of non-public well being information is in danger. Routine challenges embrace securely configuring medical units, units that lack safety features and units with custom-made software program that wants particular patching procedures. Units in danger embrace insulin pumps, intracardiac defibrillators, pacemakers and pumps that ship ache remedy. A latest analysis report performed by a cybersecurity agency discovered 53 per cent of linked medical units and different web of issues (IoT) units in hospitals had identified crucial vulnerabilities, the report factors out. The FBI urges medical IT directors to guard linked units with antivirus software program if doable, to encrypt medical machine information and to make sure units can solely be accessed by means of advanced passwords. If a tool is disconnected from an IT community for service there must be integrity verification earlier than it’s reconnected.
A vulnerability in Mitel’s MiVoice VoIP equipment utilized by companies is being exploited by a ransomware group. Researchers at Arctic Wolf stated a risk actor lately deployed the Lorenz ransomware on a sufferer after leveraging Microsoft’s BitLocker Drive Encryption to scramble the group’s information. Monitoring crucial property alone will not be sufficient to guard in opposition to cyber assaults, the report warns. Safety groups ought to monitor all externally dealing with units for potential malicious exercise, together with voice-over-IP telephony purposes and IoT units.
Truck rental company U-Haul says a hacker obtained maintain of the names and driver’s license numbers of consumers who rented autos between November fifth of final yr and April fifth of this yr. They did it by compromising two distinctive passwords. That allows the hacker to entry a buyer contract search device. In a duplicate of a letter being despatched to affected prospects and filed with the State of Montana, U-Haul is not saying how the passwords had been compromised, nor what number of prospects had been affected.
Lastly, Apple launched iOS 16 for iPhones and iPads, in addition to a variety of safety patches for earlier releases. iOS 16 contains Lockdown Mode, for executives, reporters and others apprehensive about focused assaults. It restricts sure non-essential options so there are fewer methods an attacker can compromise a tool.
Comply with Cyber Safety Immediately on Apple Podcasts, Google Podcasts or add us to your Flash Briefing in your sensible speaker.