Cyber ​​Security Today, January 9, 2023 – Russian gang tried to hack US nuclear research labs and more malware in PyPI

Cyber ​​Security Today, January 9, 2023 – Russian gang tried to hack US nuclear research labs and more malware in PyPI

Russian gangs tried to hack US nuclear research labs and more malware in PyPI

Welcome to Cyber ​​Security today. It’s Monday, January 9, 2023. My name is Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.

A Russian-based hacking team targeted three US nuclear research laboratories last summer. That’s according to the Reuters news agency, which said the group is called Cold River by scientists. The attackers created fake login pages for each of the three labs and then sent phishing emails in the hope that researchers would fall for the bait, click on links and enter their passwords. Reuters was unable to determine whether anyone was duped. The Cold River group has escalated its hacking efforts against countries that support Ukraine since the Russian invasion just over a year ago. One of the successes happened last May when it broke into and leaked emails from the former head of Britain’s MI6 spy agency.

More malicious packages has been discovered in the PyPI open code repository. It is used as a resource by developers of Python language applications. Researchers at Phylum discovered six packages of malware code in late December. They will install information stealers and Trojans with remote access. According to a news report, they have now been removed from PyPI. However, they will need to be manually deleted from the systems of anyone who downloaded them. It’s another reminder to developers that they need to carefully scan anything they take from an open code repository before they can be used.

People who run Apple computers may think they are immune to malware. They are not. There are many bad things targeting Apple phones, tablets and computers, including ransomware. A report last week from Microsoft describes four ransomware strains targeting computers running the macOS operating system. IT administrators with Macs in their environment should review the report. Separately, Trend Micro warned Mac users that Dridex malware that steals banking passwords from Windows computers may target Macintosh computers. Researchers have seen Dridex code that suggests malware is being prepared for machines running macOS. Computers become infected with Dridex when users download infected documents. As always, be careful when downloading anything.

See also  These 16 clicker malware infected Android apps were downloaded over 20 million times

Tomorrow, January 10 is Patch Tuesday, when Microsoft and other companies release their monthly security updates. But for Windows administrators, tomorrow is important for another reason: Microsoft will end support for Windows 8.1. This means that you no longer call Microsoft for help and that you miss security updates. Not only that, you won’t be able to purchase Microsoft Extended Security Update support for Windows 8.1. And if your organization runs Microsoft 365, you will no longer receive updates for the Office apps; this includes features, security and other updates. You can upgrade computers to Windows 10, but remember that support for it will end in October 2025. Or upgrade to Windows 11 if your computers can handle it. IT departments got this message a while ago, but home and small businesses can still run Windows 8.1.

Next month, the Google Chrome browser will stop supporting all Windows versions prior to Windows 10.

Looking further ahead, extended support for Windows Server 2012, including version R2, will end in October.

Patients and staff from a health clinic in Pennsylvania began being notified last week that a ransomware gang was copying their personal information. Data that was stolen included names, social security numbers, dates of birth and driver’s license numbers – the kind of information perfect for creating fake IDs. Here’s the thing: The clinic discovered the attack eight months ago, in April 2022. The clinic was hacked in August 2021. That means the crooks were hunting around for data undetected for months. It also took months before the victims were notified. The clinic explained that it took time to find out what information was stolen.

See also  How to tell a partner has hacked your phone - the 10 'warnings' about spyware

How fast victims of data breaches must be notified depends on local law. American telecommunications operators, for example, do not have to tell victims until seven business days have passed after a data breach. They may need to do it much faster. On Friday, the Federal Communications Commission proposed to eliminate the seven-day rule. Given the increase in frequency, sophistication and scope of data breaches, the Commission believes it needs to update its rules to protect consumers. The rule gives carriers time to assess in detail what happened and what data is at risk. But some argue that the delay gives threat actors a seven-day head start on exploiting the data they have stolen.

Under Canadian privacy law, a telecom operator must notify victims as soon as possible if they believe a breach poses a real risk of significant harm to individuals.

Follow Cyber ​​Security Today on Apple Podcasts, Google Podcasts or add us to the Flash Briefing on your smart speaker.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *