All eyes on TikTok, Hitachi Energy is the latest GoAnywhere MFT victim, and more.
Welcome to Cyber Security Today. It’s Monday, March 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The week starts with security researchers and government officials from around the world looking ahead to Thursday. That’s when TikTok’s CEO is scheduled to testify before the U.S. Congress. He will face allegations the video app is a threat to the privacy of users and worries its parent company has to be obedient to China. Several countries, including the U.S. and Canada, have banned federal civil servants from having the app on government-owned computers and smartphones. The U.S. has reportedly told TikTok’s parent company, ByteDance, that it has to sell control of TikTok. The latest news is that the U.S. Justice Department is investigating a report that last year some ByteDance employees improperly accessed the TikTok user data of two reporters. According to Reuters, those staffers were trying to find out who at TikTok was leaking information to the press. Reuters said ByteDance fired four people.
Hitachi Energy is the latest company to admit it was victimized by the hack of Fortra’s GoAnywhere MFT managed file transfer platform. Hitachi Energy sells a wide range of products to utilities. It has offices around the world. In a press release the company said neither its network operations nor customer data were affected. But employee data might have been copied. The Clop ransomware gang is taking credit for finding the vulnerability and compromising the data of over 100 companies.
Attention cybersecurity researchers and IT security teams. Details about the workings of the latest version of the LockBit ransomware strain are now available from the U.S. Cybersecurity and Infrastructure Security Agency. LockBit 3.0 attempts to spread across a victim network by using a preconfigured list of credentials hardcoded into the strain, or by compromising a local account with elevated privileges. The report includes the most recent indicators of compromise. According to SecurityWeek, one of the LockBit gang’s most recent conquests was Maximum Industries, a Texas company that specializes in machining services. One customer allegedly is SpaceX. LockBit claims it got copies of thousands of SpaceX drawings that will be auctioned off unless the gang is paid by today.
The BianLian ransomware gang has shifted tactics. According to researchers at Redacted, the gang now focuses on stealing data and trying to extort victims to pay rather than ransoming encrypted data. It could be a coincidence, but this comes after researchers at Avast released a decryption tool to help victims of the BianLian strain recover their scrambled data. The gang claims to have hit 118 victims, many of them in the healthcare sector. Assuming the listings are true, the overwhelming majority of their victims are in the U.S., followed by the U.K., Australia, India and Canada. The gang uses a backdoor created in the Go language. The report includes indicators of compromise.
Do you own a Google, Samsung or Vivo smartphone that uses Samsung’s Exynos [EX-IN-OS] chipset? If so, you should turn off the device’s ability to use Wi-Fi calling and Voice-over-LTE until it is patched. That’s because the chips have serious vulnerabilities. According to Google, an attacker can compromise certain models of these phones, and vehicles that use the Exynos Auto chipset, by just knowing the target’s phone number. Google Pixel devices had the patches automatically installed this month. Owners of Samsung and Vivo devices should check with their cellphone carriers to see if the patches are available.
Companies still aren’t doing enough to protect the usernames and passwords of employees from theft. The latest example is the hack of an Australian company called Latitude Financial. The company admitted a hacker was able to get hold of an employee’s login credentials, which were then used to steal personal information from two of the institution’s service providers. That included over 100,000 identification documents like copies of driver’s licences. A SANS Institute commentator said login credentials shouldn’t be stored unencrypted. The incident shows that multifactor authentication must be mandated for all employees.
Finally, the National Basketball Association is notifying fans their names and email addresses were stolen in the hack of a third-party service. The BleepingComputer news site says an unknown number of people are being warned they may be getting phishing emails trying to get passwords or other sensitive information.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.