Hashtag Trending Jun.19-Hackers backed by China exploit vulnerability in Barracuda’s email security tool; Reddit on the verge of “civil war”; The return of the flip phone

Three big cybersecurity stories you need to know about, Reddit is on the verge of what some call “civil war” and – hey, the flip phone is back.

Hashtag Trending on Amazon Alexa Google Podcasts badge - 200 px wide

 

These and more top tech news stories from Hashtag Trending and Tech News Day. I’m your host Jim Love, CIO of IT World Canada and Tech News Day in the US.

Reddit, is still facing a huge backlash from its user base from its decision to charge for access to its API. This move, aimed at increasing profitability as the company moves towards going public, has led to protests across nearly 9,000 subreddits, with many moderators making their groups private and inaccessible. 

Two popular apps, Reddit Is Fun and Apollo, which have over 41 million downloads combined, are both shutting down as a result of the new API usage fees. 

The ongoing protest, which some moderators plan to continue indefinitely, has led to concerns about the future of Reddit. Rory Mir, an associate director of community organizing at the Electronic Frontier Foundation, suggests that unless Reddit changes its course, it could face a slow attrition of users and content. 

Amy Bruckman, a regents’ professor and senior associate chair at Georgia Institute of Technology’s School of Interactive Computing, also highlights that the move feels like a betrayal of the community’s trust. She points out that the most vocal critics are the volunteers who keep the communities functional, arguably the most important users on the site.

CEO Steve Huffman remains defiant, claiming that Reddit’s moderators have too much power and he is reported to be vowing to change Reddit’s rules to limit that power.

Reddit’s initial justification for limiting its API access was to control the data usage by generative artificial intelligence companies like OpenAI. However, in an interview with NPR, Reddit CEO Steve Huffman admitted that limiting third-party access would also help Reddit control how it displays ads, its primary source of income.

As the protest continues, some users are leaving the platform, and there’s no clear alternative emerging as a replacement although some have set up on Discord and Twitter.  While some forums have reopened, those forums are being attacked by their own members who are threatening to leave the forums. 

Other forums have reopened and, thumbing their nose at CEO Huffman, have their only content being pictures of popular comedian John Oliver. 

Despite this, Reddit is hoping that user loyalty will keep people on its site, even if they have to switch to the official app. Getting back the volunteer moderators, with CEO Huffman’s tough guy stand, appears difficult. He might win this, but he might go down as the most tone deaf CEO of our time.

Because given Reddit’s members reputation for lack of, let’s say, conventionality, or respect for authority, picking a fight with your volunteer moderators is not only a bad strategy, but it makes you wonder if Huffman has actually ever read a Reddit forum.

Sources include: WIRED.

Hackers suspected to be backed by China have exploited a vulnerability in a widely used email security tool, Barracuda Networks’ Email Security Gateway.  They have targeted hundreds of organizations worldwide, according to a report by Google-owned Mandiant. Nearly a third of the targeted organizations are government agencies, including foreign ministries. 

The group, known as UNC4841 and believed to be working for the Chinese government, has reportedly been exploiting the security flaw since at least October. The flaw was so severe that Barracuda urged customers to completely replace any affected devices, rather than just patching them.

Once inside an organization’s networks, the hackers primarily focused on data theft and used compromised devices to send more malicious emails to other targets. Despite Barracuda releasing a patch last month, the hackers deployed a new malware strain to maintain their access across victims in at least 16 different countries.

While the hackers are claiming that they are not going after government agencies, many government and health organizations in Canada and the US have had some of the most sensitive data posted on the dark web.

More than half of all affected organizations are based in the Americas. Other known victims include the ASEAN Ministry of Foreign Affairs, as well as trade offices and academic research organizations in Taiwan and Hong Kong. 

Mandiant recommends all affected organizations replace the compromised devices and investigate their networks for any signs of the hackers on their systems.

We will try to get a list of the affected devices and ensure that they are posted in the text version of this podcast. You may also want to check with Howard Solomon’s stories on itworldcanada.com and technewsday.com in the US.

You really do need to replace the devices if you have the affected ones.

How you will find whether your device needs replacing.  I checked and Barracuda says that impacted ESG customers will see a notification in their user interface (UI). If you didn’t get this notice or got it but have not replaced your appliances after receiving this UI notice, you should contact Barracuda support: [email protected].

Sources include: Axios.

And if the Clop ransomware story isn’t enough, in what one senior cybersecurity expert has termed the “story of the summer” hackers have rushed to exploit a flaw in the MOVEit file-transfer tool, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). 

The breaches which have affected governments and companies in the US, in Canada and the UK underscore the ongoing vulnerability of government and healthcare agencies to cyberattacks, despite years of efforts to enhance security.

The MOVEit file-transfer tool, developed by software firm Progress, has been the focus of a weeks-long hacking campaign. Among the victims are Shell, the British oil and gas multinational, Johns Hopkins University, and the University System of Georgia  

The U.S. Department of Energy confirmed that two of its entities were compromised using the MOVEit vulnerability. Over 100,000 records were compromised in the Canadian province of Nova Scotia. 

This is certainly just the tip of the iceberg.

The hackers, who have claimed responsibility for several other attacks exploiting the MOVEit flaws, have primarily focused on stealing information stored on the file-transfer application at the time of the intrusion. CISA Director Jen Easterly stated that there’s no evidence of the intrusion being used to gain broader access to victim organizations’ systems.

Progress has released two patches to resolve the targeted vulnerabilities and recommends that organizations cut off internet traffic to affected systems until they’re able to update their systems.

Sources include: Axios

And here’s number 3 – Microsoft has confirmed that recent outages affecting Azure, Outlook, and OneDrive were caused by Layer 7 DDoS attacks. The attacks were carried out by a threat actor known as Storm-1359, also referred to as Anonymous Sudan.

The outages began in early June, with the web portal for Outlook targeted on June 7th, OneDrive on June 8th, and the Microsoft Azure Portal on June 9th. Microsoft initially hinted at DDoS attacks as the cause, stating that they were “applying load balancing processes in order to mitigate the issue.”

Despite the attacks, Microsoft has seen no evidence that customer data has been accessed or compromised. Layer 7 DDoS attacks target the application level, overwhelming services with a massive volume of requests, causing the services to hang as they cannot process them all.

Anonymous Sudan, which launched in January 2023, has targeted organizations and government agencies worldwide, taking them down in DDoS attacks or leaking stolen data. In June, they turned their attention to Microsoft, demanding $1 million to stop the attacks.

Sources include: BleepingComputer

Okay, just so we don’t have to talk you down off the ledge here’s a little bit of good geeky news.  Motorola is back with the flip phone.  Not the folding phone that Samsung came in with, but the flip phone that you can click up and say, “phasers on stun Mr. Spock.” 

What do you mean, you’ve never done that?

Anyway, the flip phone, the Razr is back. There’s a link to a story with a picture of the new device in the text version and it’s cool.  And to totally mix my memes, if I hadn’t just gone over to the dark side and got my first iPhone, I might have gone for this. Still might. 

Beam me up, Scottie.

And that’s the top tech news stories for today. 

Links to all of the stories can be found in the text version of this podcast at itworldcanada.com/podcasts 

Hashtag Trending goes to air five days a week with a special weekend interview episode called Hashtag Trending, the Weekend Edition.  You can find us on Google, Apple, Spotify or wherever you get your podcasts. We can even be in your home on you’re your Alexa or Google smart speaker. 

We’re also on YouTube five days a week with a video newscast only there we are called Tech News Day. Check us out. Give us a like.

We love to hear your comments.  You can find me on Linked In, Twitter or on our new Mastodon site technews.social where I’m @therealjimlove.

Or if that’s too much to remember, just go to the article at itworldcanada.com/podcasts and you’ll find a text version with additional links and references.  Click on the x or the check mark and tell us what you think. 

iPhone, Samsung, Motorola – we don’t care how you contact the mothership. We read it all.

Oh, Captain, there’s a message on screen. It says, Have a Marvelous Monday.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Jim Love
Jim Lovehttp://www.itworldcanada.com/
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO of a great company - IT World Canada - Canada's leading ICT publisher.

Follow this Podcast

More #Hashtag Trending