Data breach at the Metropolitan Opera, and more GoAnywhere MFT victims.

Welcome to Cyber Security Today. It’s Friday, May 5th, 2023, I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

New York’s Metropolitan Opera is notifying over 45,000 people of a data breach. In a letter sent to patrons who bought items online the institution said data stolen includes names, financial account or credit card numbers, card security codes and Met account passwords or PIN numbers. The Met believes that data was stolen between September 30th and December 6th.

The hack of a Canadian company that provides services to the investment community has led to the theft of some customer data of two wealth management companies. According to the Globe and Mail newspaper, the companies are the latest publicly identified victims of a vulnerability in Fortra’s GoAnywhere file transfer tool. The service company is InvestorCom Inc. Two of its clients, the financial firms whose customer data was copied, are Mackenzie Investments and Franklin Templeton Canada. The Clop ransomware gang has taken credit for using a hole in GoAnywhere MFT.

The Russian-aligned Killnet denial of service hacktivist group is trying to create what it calls a private military hacking company. According to researchers at Flashpoint, in March the group announced on the Telegram messaging platform creation of a unit called Black Skills. Applicants have to fill out a formal questionnaire listing their skills, including whether they have served in an army or as public servants. It isn’t clear if the goal is to re-brand or re-organize Killnet into something bigger. According to the report, Killnet is looked down upon by top-tier hacking forums.

A fake invoice from the Louisville Professional Firefighters Association is the latest use of PayPal to launch phishing campaigns. Researchers at Avanan spotted the recent fraud. A message is going out to PayPal users claiming to be from the firemen. Victims might think its a donation they promised. One tip this is a fake: There is no Louisville Professional Firefighters Association. There is a firefighters union. Another sign: The phone number on the “invoice” is fake. Some PayPal users may be fooled by messages like this because they come through PayPal’s platform. A pitch for money is a warning sign.

Last week I reminded IT administrators who use the PaperCut print management application to update their servers as soon as possible to close a vulnerability. Several security vendors then said there are ways to detect exploitation. This week researchers at VulnCheck found a new way to exploit that vulnerability. That means there’s another indicator of compromise to look for even if you’ve patched PaperCut.

Finally, another vendor has warned an end-of-life product has a vulnerability. This time it’s Cisco Systems. The manufacturer says its SPA1122-Port Phone Adapters have a critical vulnerability. The thing is, Cisco stopped supporting these devices almost three years ago. So you don’t have any in your network environment, right? Because if you do, you’re in trouble: Cisco won’t be patching this hole.

That’s it for now. But later today the Week in Review edition will be out. Guest Terry Cutler of Cyology Labs will be here to talk about the latest news with ChatGPT, and why lack of basic cyber hygiene was behind two recent hacks.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, May 5, 2023 – Data breach at the Metropolitan Opera, and more GoAnywhere MFT victims first appeared on IT World Canada.

Leave a Reply