Serious bugs found in a building access control system, ransomware news and more.
Welcome to Cyber Security Today. It’s Monday, June 13th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Vulnerabilities in IT systems can open serious holes in an organization. So can web-connected door locks. The latest example, discovered by researchers at Trellix, has forced building access control system provider Carrier to issue a cybersecurity warning to organizations that use its LenelS2 access control panels. The researchers found eight zero-day vulnerabilities that could allow an outsider full system control and the ability to compromise physical security. That includes the ability to unlock any door, subvert alarms and undermine logging and notification systems. The problem is in motherboards made by a company called HID Global Mercury, used in the Carrier panels and other systems. Carrier has issued firmware updates and mitigations.
Linux administrators are being warned of a newly-discovered and hard-to-detect piece of malware. Researchers at BlackBerry and Intezer have dubbed this malware Symbiote. Instead of running as a standalone executable in a server, it is a shared object library that infects all running processes. That gives the attacker rootkit functionality, including the ability to steal passwords and install a backdoor to give remote access. It’s been seen targeting the financial sector in Latin America, but the threat actor could use it more widely. One protection against stolen passwords is the use of multifactor authentication. Monitoring network telemetry for suspicious activity will also be useful against this malware.
There’s a debate about whether organizations hit by ransomware should pay to get access back to their data. Here’s a nugget of information from a survey by Cybereason that may help make up executives’ minds: Eighty per cent of organizations that paid up said they were hit by ransomware a second time. And of those, 68 per cent said the attack came less than a month later. Here’s another factoid: Nearly two-thirds of companies hit believe the ransomware gang got into their network through a supplier or partner.
Here’s more on ransomware: Palo Alto Networks has done an analysis of the HelloXD strain of ransomware, which emerged last November. It appears to be based on the leaked source code for the Babuk ransomware. However, HelloXD includes an open-source backdoor that allows the attacker to browse the victim’s file system, which can help monitor the progress of the ransomware. This report includes a number of indicators of compromise that could be useful to security teams.
Finally, there are two cellphone-related privacy stories to report. Researchers at the University of California have found Bluetooth signals might be able to be fingerprinted to track smartphones and their users. Meanwhile, German researchers at the University of Hamburg found that some smartphones with their WiFi turned on may transmit data from networks they previously connected to, including passwords and email addresses. These experiments needed to meet certain conditions to work. But they are a lesson to only turn on Bluetooth and WiFi when you are using them. Otherwise keep them off. In addition, make sure your mobile devices have the latest security updates. And if your mobile device is no longer capable of receiving security updates, it’s time to buy a new one.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.