Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Healthcare Organizations See Increased Ransomware Attacks. The Health Sector Cybersecurity Coordination Center (HC3) has released an Analyst Note citing increased attacks on healthcare organizations in the U.S. and Australia. The organization reports that the CLOP variant of ransomware is being used in what it terms a “double extortion ransomware” attack: healthcare organizations are faced not only with unusable encrypted files, but also with the threat that unencrypted copies of those files will be posted to a public site, exposing sensitive information that could include patient records and other personally identifiable information. The report, which includes information from the Australian Cyber Security Center (ACSC) and the Cybersecurity and Infrastructure Security Agency (CISA), notes that attackers appear to be becoming more specific in their targeting of healthcare organizations.

Microsoft Patches Remote Access Elevation of Privilege Vulnerability. Just another reason to always stay up to date with security releases from Microsoft—and other software publishers. Microsoft has released an update for a vulnerability that would allow a bad actor who had already gained access to a computer to elevate their privileges, potentially to access confidential files or to embed malicious code. FortiGuard lists a broad range of Windows Server and Windows operating systems that could be impacted by the vulnerability.

Keeping Laptops Safe. Dell has announced that Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using a system management interrupt (SMI) to gain arbitrary code execution in system management RAM (SMRAM). Dell has released a patch for download. Dell gave thanks to Nicholas Armour from Intel for reporting the vulnerability. Meanwhile, Lenovo released a notice that “Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.” The problem can be resolved by updating to the latest BIOS.

GoDaddy Gets Phished. Krebs on Security reports that bad actors used a voice phishing scam to convince GoDaddy support employees to allow them to take control of at least a half dozen domain names involved in cryptocurrency, including the transaction brokering site escrow.com. The changes were later reversed after the hacks were discovered. Underscoring the constant need for vigilance and education to prevent social engineering attacks, Krebs quotes GoDaddy as saying: “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”

Just Paranoid? Or is Your Vacuum Cleaner Really Spying on You? Those cute little robotic vacuum cleaners that roam around your house sucking up dust might also be sucking up your conversations. Many of these robots use light detection and ranging (LiDAR) sensors to keep from bumping into walls and furniture. Threatpost carries an article “Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack” that details how university researchers were able to compromise a robotic vacuum cleaner to enable it to transmit acoustic sounds—including voices. Although such a hack would require multiple steps, and isn’t a known threat currently, the researchers said similar attacks could be carried out through hacking other smart devices within the home. And they noted: “The attack serves as an important reminder that the proliferation of smart sensing devices in our homes opens up many opportunities for acoustic side-channel attacks on private conversations.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with education, having previously served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves on the Board of Directors for the Orlando Shakespeare Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce and the Orlando Economic Partnership.