Public hearings on the Rogers outage start today, a data breach at Entrust and patches issued for SonicWall and Confluence products.
Welcome to Cyber Security Today. It’s Monday July 25th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A televised parliamentary hearing begins this morning into the cause of this month’s big Rogers internet and wireless outage. First up will be Industry minister François-Philippe Champagne and officials from his department. They may also be questioned about the effectiveness of the government’s work with Rogers and other telcos on emergency preparedness. The government established the Canadian Telecom Resiliency Working Group years ago to help telcos work on network resiliency.
Next up will be Rogers officials, who will be asked about the root cause of the July 8th collapse of service. I have a story summarizing a lengthy Rogers explanation to the telecom regulator, the CRTC. In that document Rogers blamed the outage on a maintenance update that deleted a routing filter, which caused its internet traffic distribution routers to be overloaded. But Rogers also insists everything done before the code was installed was well-tested, validated and followed established procedures. In the public version of the Rogers submission there’s an explanation of the root cause. But the CRTC, which released the document, blanked that section out. It also blanked out the section where Rogers explains what it’s doing to prevent a repeat of the crash. Those blanks may be filled in during the hearing.
Rogers may also be asked why there was an apparent single point of failure in its network design, and why only now is it working to segregate its wireless and internet networks.
Also scheduled to testify are CRTC officials, who may be asked if its oversight failed because Rogers wireless subscribers couldn’t call 911 when its network went down.
Finally, other experts will testify about their view of how the lack of competition among Canadian telecom providers might have contributed to the outage.
Entrust, one of the biggest providers of digital identity security and secure payment solutions, has been hit by a data breach. According to the Bleeping Computer news service, the attack happened last month. Entrust customers, which include governments and businesses, were told earlier this month. It isn’t known if only Entrust corporate data was stolen or if customer data was also involved. The news service quotes a security industry executive saying a ransomware gang got into Entrust’s system by buying and using compromised login credentials of Entrust employees.
On Friday morning’s podcast I told you about a new version of the Qakbot malware that appears to be a Microsoft Write file. Researchers at Cyble have discovered the gang also has another trick for distributing and installing its malware. Victims who are fooled into clicking on an infected attachment will get a password-protected zip file. When the victim tries opening the file it appears to be an Acrobat PDF document. There’s a supplied password the victim has to use to view the file. If they do that, malware gets installed. Employees must constantly be reminded of the dangers of clicking on links in emails and be trained to spot suspicious links. IT security teams need to make sure their antivirus and antimalware solutions can spot this kind of attack.
SonicWall has issued an urgent patch for a flaw in its Global Management System software for managing the company’s firewalls, email security and remote access devices. This fixes an SQL injection vulnerability. SonicWall recommends administrators install the patch immediately.
Microsoft has resumed default blocking of Visual Basic for Applications Office macros obtained over the internet. It had temporarily stopped the security precaution, aimed at stopping infected macros from automatically running. Now it has updated its advice for IT administrators about options they have for blocking macros through a Group Policy. End users will see a clearer message that a potentially dangerous macro has been blocked.
Finally, Atlassian, which makes the Confluence team collaboration suite, has warned companies there’s a major vulnerability in the Questions for Confluence app. Not all companies use this capability. But if they do and they are migrating data to the Confluence Cloud there’s an account that gets created that includes a hardcoded password to the users group. That will allow anyone knowing where to find the password to view and edit non-restricted messages. Now that this vulnerability is known administrators have to install a patch. Note that if the Questions for Confluence app has been uninstalled the vulnerability may still be there. Check the Confluence advisory for details on systems.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.