Monday, June 14, 2021

Cyber Security Today, May 14, 2021 – Beware of fileless malware, a Wi-Fi warning and more

Beware of fileless malware, a Wi-Fi warning and more.

Welcome to Cyber Security Today. It’s Friday, May 14. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


Attackers always look for ways to evade detection of their malware. They are increasingly turning to what are called fileless methods. It’s done by having the malware execute in a computer’s memory. That avoids files that can be spotted by antivirus systems. The latest example has been discovered by a security company called Anomali. It says a threat group is using a free Microsoft software development application called MSBuild to plant a remote access tool on a victim system. Then it installs malware that steals passwords. It isn’t known yet how systems were initially compromised, but typically it gets done by tricking a person into using a legitimate-looking but hacked application. Information security professionals are warned to educate employees about proper cybersecurity procedures when handling emails with attachments and not downloading unapproved software.

Wi-Fi has been in use since 1997. That’s also how long several design flaws have been sitting in routers, smartphones and other devices, according to a researcher. He dubbed them ‘FragAttack.’ If an adversary is near a victim using Wi-Fi, they could steal data or attack their device. Fortunately, the flaws are hard to abuse unless there have been programming mistakes in Wi-Fi products. Thanks to the researcher’s tip, in the past few months security updates have been quietly added to products, including Windows. Most mobile devices like smartphones and tablets would be patched through their operating systems. Patches for Linux will be available soon. Those worried should take the usual precautions for Wi-Fi: Only turn it on when needed, and don’t use Wi-Fi for sensitive things like connecting to email, your company’s systems or a bank in public places like hotels, convention centres, airports, restaurants and malls.

Finally, a few podcasts ago I told you about a compromise at a software code testing company called Codecov. The part of its service that allows users to upload their code to the service was altered, allowing the attacker to see details and possibly pull out passwords of customers. This week a security company and Codecov user called Rapid7 acknowledged it had been victimized by this hack. A small part of its source code was copied. In addition some customers were warned to take steps in case they were affected. Other victim firms publicly identified so far are Twilio and HashiCorp. Codecov users should follow the company’s security instructions.

That’s it for now. Remember later today the Week in Review edition will be available. Guest Dinah Davis of Arctic Wolf and I will talk about the fallout of the Colonial Pipeline ransomware attack. Listen on your way home, or on the weekend.

Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other cybersecurity stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
