Another printer vulnerability found, and more corporate ransomware victims.
Welcome to Cyber Security Today. It’s Wednesday July 21st, I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
A Canadian company that runs several medical clinics across the country may have been victimized by a data theft. The Marketo criminal marketplace, one of the places where crooks sell stolen data, is listing the company on its website. The company hasn’t responded to my requests for comment. As proof of the hack the criminal website has posted copies of what it says is part of what was copied. A security researcher sent me one of the documents, which looks like contact information between the healthcare chain and an Alberta university.
As if the Windows Print Spooler vulnerability wasn’t enough of a problem, now there’s news that possibly millions of printers made by HP, Xerox and Samsung have had a printer driver vulnerability around for over 15 years. Researchers at Sentinel Labs are urging IT administrators and individuals with printers from these companies to make sure they have the latest printer drivers. HP issued fixes in May. The report says 380 HP and Samsung printer models as well as at least a dozen Xerox models are affected. The good news is researchers have seen no evidence hackers know about and have exploited this problem to compromise computers. However, now that the secret is out patching is essential.
Corporate and employee data belonging to one of the world’s biggest energy companies, Saudi Aramco, is being sold on a criminal website. According to the Bleeping Computer news service, the asking price for a copy of the 1 terabyte worth of data is $5 million. For an exclusive copy of the data the price is $50 million. The gang selling the data calls itself ZeroX, and says the files were stolen by hacking Aramco’s network and servers last year. Aramco says the data was held by third-party contractors.
One of the biggest law firms in the U.S. has admitted being hit by ransomware in February. The firm of Campbell Conroy & O’Neil said it can’t confirm if the attacker copied or saw the information of clients. But it says the files involved had persons’ names, dates of birth, Social Security numbers, driver’s licence numbers and other data. That would be perfect for identity fraud, impersonation and extortion.
Another ransomware victim is Cloudstar, a provider of computer infrastructure services to a number of companies in the real estate, finance, insurance and energy sectors. The company called it a highly sophisticated ransomware attack that meant all but its email, email encryption and some support services were unavailable. As of Tuesday, when this podcast was recorded, full restoration of systems still hadn’t been achieved.
Finally, I’ve warned before about the dangers of hunting for and downloading free versions of commercial software and games. The odds are any so-called cracked software is infected. This week cybersecurity company Bitdefender found a new piece of malware aimed at people looking for cracked software. The computers of victims get infected when they click on a link when using a search engine to search for free versions of paid software. Once inside a computer the malware tries to steal browser cookies, add crypto-currency miners and install a backdoor. The lesson: Don’t take a shortcut and download applications from untrusted websites.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.