GitHub starts enforcing multifactor authentication, news on botnets and more.
Welcome to Cyber Security Today. It’s Monday, March 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Today’s a big day for developers who use GitHub for creating applications. That’s because those of you who haven’t already enabled two-factor authentication on your accounts will start getting warning messages. You’ll have 45 days to configure 2FA for access. This isn’t happening all at once. It’s being rolled out gradually over the next couple of months. But instead of waiting, you can enable it now. It helps ensure your account isn’t hacked. Smart developers will choose to get their second-factor number through an authenticator app. Those who want the best security will also sign up to use a physical security key to plug into their computers.
Backup solutions provider Acronis has acknowledged that the login credentials of a customer have been compromised. This came after a crook posted stolen data on a criminal website, claiming it to be certificates, system configurations, command logs and other data. The company told The Register that the unnamed customer had uploaded diagnostic data to Acronis support. Acronis says none of its products were affected.
American, Swiss and Croatian authorities have shut the operation behind the NetWire remote access trojan. Last week federal authorities seized an internet domain called WorldWideLabs used by crooks to sell the malware. At the same time police in Croatia arrested a man who allegedly was the site’s administrator, while authorities in Switzerland seized a server hosting the NetWire infrastructure. As part of the investigation the FBI created an account on WorldWideLabs and, apparently, learned a lot.
The Clop ransomware gang has started leaking data of victims from information captured through a vulnerability in Fortra’s GoAnywhere MFT secure file-sharing platform. Bleeping Computer reported that screenshots of data from several alleged victims of the hack have been posted on the ransomware gang’s site. Some victims are also getting ransom demands.
A company called Blackbaud, whose data management software is used by non-profits in a number of countries including Canada and the U.S., has agreed to pay US$3 million to settle allegations of making misleading disclosures about a 2020 ransomware attack. The U.S. Securities and Exchange Commission said Blackbaud initially announced the attacker didn’t access donor bank account information or social security numbers. However, soon after, some company staff learned that data had been copied. But those employees didn’t tell senior management. As a result, when Blackbaud filed its next quarterly report with the regulator, the new information wasn’t included. That only came out publicly a month later.
A new and improved version of the Prometei botnet has been released. Researchers at Cisco Systems say the botnet has infected about 10,000 Windows and Linux systems for spreading the Monero cryptocurrency miner. The best way to protect your systems from being infected is by patching all applications as soon as security updates are released, and by ensuring strong passwords are used on corporate internet-connected devices.
Separately, researchers at Palo Alto Networks discovered a new botnet they call GoBruteforcer. It targets web servers running phpMyAdmin, MySQL, FTP and Postgres applications. It gets into systems by, as its name suggests, a brute force attack on administration passwords. So, web administrators, the best protection is to make sure everyone who has admin access to your websites uses strong passwords. And those accounts should be protected with multifactor authentication.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.