World Backup Day Advice, New Malware Targeting Linux, and More
Welcome to Cyber Security Today. It’s Friday, March 31, 2023. I’m Howard Solomon, a cybersecurity reporter for ITWorldCanada.com and TechNewsday.com in the US.
Today is World Backup Day. ITWorldCanada.com has a lengthy article for IT leaders in midsize to large companies, so in this podcast we want to address IT leaders in small businesses. Fortunately, the simplicity of a small business environment compared to that of a multi-million dollar retailer should make backup and recovery easier. Still, some of the same rules apply. First, decide what data you need to back up, prioritize sensitive information, and decide how often you need to back it up. Next, make sure your data is backed up offsite as well as onsite. It should also be encrypted for added protection. Third, keep your offsite backups from being compromised by hackers. One of the biggest IT mistakes is failing to protect offsite backups from being encrypted by attackers, which ruins the chances of data recovery. Fourth, document backup procedures to ensure knowledge is not lost when staff leave. Finally, have your IT staff regularly practice restoring backups. Experience is needed in times of disaster.
Note for Linux administrators: New malware has been discovered targeting Linux servers. Researchers at the French company ExaTrack call it Mélofée and believe it was created by a China-based group. It drops rootkits and server implants. The implants can update themselves, create new sockets for interaction, retrieve system information, and read and write files. This implant is not widely known, suggesting that attackers only use it for high-value targets.
University researchers say there is a fundamental flaw in the Wi-Fi protocol that can affect devices running Linux, FreeBSD, Android, and iOS. In a summary of the report, Hacker News notes that this flaw could be used to hijack TCP connections and intercept client and web traffic. Power-saving mechanisms in endpoint devices can be used to trick access points into revealing cleartext data frames.
Cisco Systems says attacks against its Wireless Access Point and Meraki wireless products may be successful. But Cisco believes that the information gained is of little value in a securely configured network. To reduce an attacker's chances of success, TLS should be enabled to encrypt data in transit. Additionally, network access should be restricted.
Note for Instagram users: Scammers are looking for subscribers who do not have multi-factor authentication enabled. Once they find them, the crooks use brute force attacks to figure out passwords or use phishing attacks to trick users into giving up their passwords. Once the hackers gain access, they enable multi-factor authentication to lock out the account holders, according to Group-IB researchers. They then rename the hijacked Instagram account to make it appear to belong to a financial institution and trick the account’s followers. The scheme was seen in Indonesia, but it could be tried in any country. Instagram users are being warned that this is another reason to enable multi-factor authentication.
That’s all for now. However, later today the Week in Review podcast will be available. Beauceron Security’s David Shipley and I discuss the proposed postponement of research in AI systems, the future of TikTok, and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add it to your smart speaker flash briefing.