An anonymous service that can get you hacked, infected online restaurant platforms found, a Mac backdoor discovered, and more.
Welcome to Cyber Security Today. It’s Wednesday, July 20th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Looking for ways to be anonymous on the internet? Be careful: A bad choice may lead to your business or home computer being hacked, or to your system being used to hide criminal activity. That’s the warning from researchers at the University of Sherbrooke, Quebec. In a recent report they show that residential proxy services can be abused by threat actors. A residential proxy service allows an individual or a business to rent a residential IP address to relay communications from an original address. That way the user’s internet traffic appears to come from the rented IP address, not their real address. Businesses, universities, government departments and police forces may legitimately use this service for doing market surveys, search engine optimization or other reasons. Individuals may want to rent a residential IP address to keep from being identified going to adult or gambling sites or blocked movie sites. The thing is, the researchers point out, some home users may be tricked into letting their residential IP address be used as a proxy. One way is by signing up for a so-called free VPN service. What these customers don’t know is that it may be run by scammers. Victims install software on their computers that’s supposed to be a VPN. But it also hijacks their IP address to be rented, or abused, by others. The research serves as a warning to governments, businesses and individuals to carefully research services before they sign up.
Microsoft is warning developers using the Azure Arc Jumpstart application to not re-use login credentials for an Arc project in any other Azure environment. That’s because until recently those credentials were stored in plaintext in a log file that is readable by any user on an Arc system. The vulnerability was discovered by researchers at Tenable. For those who don’t know, Arc is a bridge for building cloud applications and services in Azure. Jumpstart is an environment to help developers jumpstart their work. A careless developer who reuses credentials in an Arc project could help an attacker get into other parts of an Azure environment.
Another threat to Macintosh users has been discovered. Researchers at ESET say the macOS backdoor leads to the installation of malware that can copy documents and user keystrokes, as well as take screen captures. ESET has dubbed this spyware CloudMensis. It can’t say how Macs are initially compromised. But a key part of an attack needs a threat actor to gain administrative privileges over a compromised machine. That allows the downloading and installation of the second stage of the attack. Access to screen captures, cameras, microphones and keyboard events is usually protected by the macOS Transparency, Consent and Control system. However, CloudMensis can bypass this protection. So far there have been limited signs of distribution, which suggests this spyware is being very targeted. One defence is making sure your Mac is fully patched.
Finally, administrators using routers and switches from Juniper Networks should know that last week the company published 21 security advisories about vulnerabilities that need to be patched. Some are in the Junos OS operating system, while others are in third-party components such as Nginx, OpenSSL, Samba, JavaSE, SQLite and Linux.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.