Patch Linux fast, secure your Totolink routers, news on the new Borat trojan and more Russia-Ukraine cyberwar.
Welcome to Cyber Security Today. It’s Wednesday, April 6th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
IT administrators with Linux systems in their environment are urged to install the latest security patches from their distributions immediately. This is because a serious vulnerability has been found in the operating system’s security module. Briefly, a local attacker with normal user privileges can overwrite kernel heap objects and ultimately increase their system privileges.
Experts regularly remind business and home owners of Wi-Fi routers to watch for security updates for their devices. Compromised routers and modems are often used to relay and multiply cyber attacks. The latest example was discovered by security researchers at Fortinet. They warn a botnet of compromised devices called Beastmode has now added the ability to compromise unpatched devices made by Totolink to its arsenal. Beastmode is used by hackers to launch denial of service attacks against websites. The botnet also now targets five discontinued models of D-Link routers. Because they are discontinued, they don’t get security updates anymore. If you or your organization has a router from any manufacturer that is more than a couple of years old, check the maker’s website to see if it’s still supported. If not, it has to be replaced.
IT security teams need to watch for a new remote access trojan being used by threat actors to take control of a user’s system. Called Borat by its developer, this trojan not only takes over keyboards, activates webcams and steals passwords, it also can be used for launching ransomware and denial of service attacks. It was discovered by researchers at Cyble, which is distributing indicators of compromise for IT departments to watch for. According to researchers at the Media Trust, this trojan is now being sold on the dark net, where attackers can choose the options they want to create a package for installation on victims’ computers.
In the cyberwar with Ukraine, Russia has deployed a troll army on its Telegram social media channel. According to the news site Vice.com, the Cyber Front Z is run out of Russia and is being used to boost pro-Kremlin videos, commentary and articles on YouTube, Instagram and Twitter. Meanwhile, Ukraine’s ministry of defence has released what it says is personal information on 620 Russian intelligence officers. The authenticity of that data can’t be confirmed.
In case you didn’t know, this is National Supply Chain Integrity Month. To me, IT leaders should be worried about the integrity of their software and material supply chains every day. But I’ll take this declaration to be a time to remind CIOs and CISOs of the ways customers, partners and applications can be leveraged for cyber attacks. One example: The compromise of the SolarWinds application update process, which led to data theft. The U.S. Cybersecurity and Infrastructure Security Agency has lots of resources on how to watch for and defend against supply chain attacks. There’s a link to its post here.
Finally, this week I’m covering the IdentityNorth spring workshop about creating and securing digital identities for use by governments and business. My stories can be found on ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
Thanks for listening. I’m Howard Solomon.