Windows Update alert, a warning to data centre admins and a digital loan platform hacked
Welcome to Cyber Security Today. It’s Monday, January 31st, 2022. I’m Howard Solomon, contributing reporter for ITWorldCanada.com.
Windows administrators – and home users – who put off installing the January 11th Windows Updates better change their minds fast. That’s because multiple exploits were found last week that can take advantage of a serious vulnerability in the operating system. According to the Bleeping Computer news site, threat actors with limited access to a compromised Windows 10 computer can use the vulnerability to easily elevate their privileges to get Windows administrator power. Microsoft fixed this hole in the January Patch Tuesday security releases. But some Windows administrators put off installing those patches after hearing they had some bugs. However, those have been fixed. With the discovery of exploits for the serious vulnerability, no delay can be justified now.
Some data centre IT administrators aren’t locking down their software-based management systems, leaving them open on the internet to an external attack. That’s the conclusion of researchers at Cyble. They found many data centres have vulnerable pieces of server, power and building management software open to cyber attacks. Some applications are vulnerable because they are running with default application passwords that are known to hackers. An attacker who can access a data centre’s management system and get administrator rights could infiltrate or damage any server or storage device on the network. Data centre managers need remote access to systems for emergencies when staff can’t get into a building. However, anything that has to be open to the internet must be locked down with strong passwords and multifactor authentication. In the case of data centre admins and their IT staff, that could mean having a secure USB key plugged into their computers for the best authentication protection.
Finally, there’s more evidence that a blockchain isn’t enough to stop a determined crook from stealing digital currency. This comes after the discovery last week that someone stole the equivalent of $80 million from Qubit Finance, a decentralized finance platform where digital currency owners can use their digital currency to lend and borrow funds. The platform works on what are called smart contracts for transactions, with a bridge function to other digital financial networks. According to Qubit Finance, something went wrong in the bridge deposit function allowing the theft.
That’s it for now. Remember links to details in podcast stories can be found in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.