Friday, May 20, 2022

Cyber Security Today, May 6, 2022 – Hacking helped by infected removable storage devices, corporate espionage, and more


Welcome to Cyber Security Today. It’s Friday May 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


Threat groups often compromise companies by getting an employee to click on an infected email, or they worm their way in by exploiting vulnerabilities in internet-connected applications. But infections through compromised removable storage drives, like USB keys, are still used. Researchers at Red Canary recently discovered a number of infections in technology and manufacturing companies that appear to have started with someone plugging in an infected removable drive. That led to the downloading of malicious files. It isn’t known which threat group is behind this, what its motives are, or how the devices got plugged into victims’ IT networks – by employees or by someone getting past physical security. There’s a link to the full report in the text version of this podcast for IT teams who want to learn more.

Separately, researchers at Cybereason released a report into corporate espionage against technology and manufacturing companies. These attacks are believed to be the work of a China-based threat group. Cybereason calls the group Winnti, but other researchers call it APT41 or Barium. The campaign to steal intellectual property, like product designs, has been quietly going on since 2019. Victim firms are in North America, East Asia and Western Europe. Often the hackers get into victims’ IT systems through vulnerabilities in their enterprise resource planning platforms, meaning those systems have to be fully patched to prevent compromise.

Another report has been issued arguing unpatched Log4j2 vulnerabilities are more widespread than security experts think. The conclusion comes from researchers at Cequence Security. They found unpatched, vulnerable copies of the Log4j2 component buried inside their customers’ applications. Sometimes repeated scans for the Log4j2 vulnerability showed different results, with the number of affected systems rising or falling from one scan to the next. Organizations need to be aware of how deeply embedded the Log4j component is in their digital supply chain, says the report.
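One reason the component is easy to miss is that log4j-core usually ships as a jar nested inside a WAR or EAR, so a scan that only lists top-level files never sees it. The following Python scanner, added here as an illustration and not code from Cequence or from this podcast, walks nested archives recursively and records every copy of log4j-core it finds by its Maven metadata and by the presence of the JndiLookup class. The archive it scans is constructed in memory (a patched copy at the top level, an old copy two levels down inside a WAR), and the version floor used by `needs_attention` is an assumption for the demonstration, not a figure from the report.

```python
import io
import zipfile

# Archive members that may themselves be archives worth descending into.
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Maven metadata that log4j-core jars carry, and the class behind CVE-2021-44228.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def _version_from_pom(data: bytes) -> str:
    """Pull the version= line out of a pom.properties file."""
    for line in data.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def scan_archive(blob: bytes, path: str = "<root>", findings=None):
    """Recursively inspect a zip-format archive; return one record per log4j-core copy."""
    if findings is None:
        findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings  # not an archive after all; nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            version = _version_from_pom(zf.read(POM_PROPS)) if POM_PROPS in names else "unknown"
            findings.append({
                "path": path,
                "version": version,
                "jndi_lookup_present": JNDI_CLASS in names,
            })
        # Descend into nested jars/wars/ears; the "!/" path notation mirrors Java's jar URLs.
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                scan_archive(zf.read(name), f"{path}!/{name}", findings)
    return findings


def needs_attention(finding: dict, floor=(2, 17, 1)) -> bool:
    """Flag copies below an assumed version floor, or whose version could not be read."""
    try:
        parsed = tuple(int(part) for part in finding["version"].split("."))
    except ValueError:
        return True  # unknown version: treat as needing manual review
    return finding["jndi_lookup_present"] and parsed < floor


def _make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_ear() -> bytes:
    """Constructed sample: EAR -> WAR -> old log4j-core, plus a patched copy at the top."""
    old_core = _make_zip({
        POM_PROPS: b"version=2.14.1\nartifactId=log4j-core\n",
        JNDI_CLASS: b"",  # empty stand-in for the real class file
    })
    new_core = _make_zip({
        POM_PROPS: b"version=2.17.1\nartifactId=log4j-core\n",
        JNDI_CLASS: b"",
    })
    war = _make_zip({
        "WEB-INF/lib/log4j-core-2.14.1.jar": old_core,
        "WEB-INF/classes/app.properties": b"name=demo\n",
    })
    return _make_zip({
        "lib/log4j-core-2.17.1.jar": new_core,
        "app.war": war,
    })


def scan_sample():
    """Scan the constructed EAR and return the findings list."""
    return scan_archive(build_sample_ear())


if __name__ == "__main__":
    for f in scan_sample():
        flag = "ATTENTION" if needs_attention(f) else "ok"
        print(f"{flag:9} {f['version']:8} {f['path']}")
```

Run against real deployments, the same walk would be applied to every archive under an application server's deployment directory; the point the sample makes is that the copy which needs attention is the one two levels down, which a listing of top-level jars would report as already patched. Untrusted archives should be scanned with a size and depth cap, since a recursive unzip is exactly what a zip bomb abuses.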

Someone was clumsy handling a database of personal information gathered by a user of an Indian debt collection application. The database was an Elasticsearch instance holding company-held information on customers, but it was left open on the internet. Open, that is, until security researchers at UpGuard came upon it. It had information about loans of thousands of people from multiple Indian and African financial services companies. That was bad. Whoever created the database didn’t know how to properly secure it. Just as bad was that UpGuard got no reaction from the company after six days of trying. Only after India’s Computer Emergency Response Team was notified did the company get the message.

Finally, two major IT companies have issued important security patches you need to know about: F5 Networks has issued updates for recent versions of its BIG-IP application delivery controllers. A vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port to execute system commands, create or delete files, or disable services.

And Cisco Systems has issued fixes for its Enterprise NFV Infrastructure Software for virtualizing network services. Multiple vulnerabilities could allow an attacker to escape from the guest virtual machine to the host server. After that they could inject commands that execute at the root level, or leak system data from the host to the virtual machine.

That’s it for this edition. Remember later today the Week in Review podcast will be out. Guest David Shipley and I will talk about the end of passwords, wiperware, why companies subscribing to software-as-a-service applications aren’t using their security controls and the obligations of organizations to notify regulators about cyber attacks.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
