A new online card-skimming campaign, new WinServer backdoors and more.
Welcome to Cyber Security Today. It’s Wednesday, September 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A new debit and credit card skimming operation targeting online businesses is spreading. Researchers at BlackBerry say the campaign — which they call Silent Skimmer — is mainly picking off victims in the Asia-Pacific region. But it has also hit e-commerce operators in Canada and the U.S. The threat actor exploits vulnerabilities in web applications, particularly those on web servers running Microsoft’s Internet Information Services. After initial compromise the attacker escalates their access privileges so they can deploy a data scraper in the online payment checkout service. Retailers who use Microsoft IIS servers to host their e-commerce solutions should improve their security.
A threat actor is distributing a new family of malware that installs two backdoors on Windows servers. Researchers at Cisco Systems say these weapons have been used against telecom providers in the Middle East. But they could also be used against telcos anywhere in the world. The implants try to evade detection by masquerading as components of Palo Alto Networks’ Cortex XDR application. An infosec staffer looking for something suspicious might miss these backdoors because they look like something from a legitimate security company. The report doesn’t say how servers are likely compromised. Telcos are targeted by nation-states and others either to disrupt a country’s communications or as a gateway to attacking corporate or government customers.
Cleaning products manufacturer Clorox is still struggling after sustaining a cyber attack last month. In a regulatory filing the company that makes Pine-Sol, Liquid Plumr and other products said there are still some product availability issues as it continues to repair its IT infrastructure.
Thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability. The new tactic was discovered by researchers at VulnCheck, who say an attacker could run commands without creating a file on a system. Juniper administrators should look for and install a patch.
October Security Awareness Month is less than two weeks away. But in cybersecurity there are daily examples of apparent lapses or a failure to reinforce security awareness training. The latest example is a slip by a Microsoft employee who shared a potentially dangerous URL in a publicly available GitHub repository. The idea was to share information on AI learning modules. But the URL included an overly permissive shared access signature token to a 38 TB Microsoft Azure storage account. That account included the backups of two former employees’ workstations as well as internal Microsoft Teams messages of these employees. Luckily, no customer data was involved. The error was spotted by researchers at Wiz. Microsoft owns GitHub and has a scanning service that should detect secrets like shared access signature tokens. In fact it did — but it marked it as a false positive. The system now correctly scans for tokens like this with overly permissive expirations or privileges.
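For teams that want to run this kind of check on their own repositories, here is an added example (not part of the original report and not Microsoft's scanner): a Python check that finds Azure shared access signature URLs in text and flags broad permissions, account-wide scope and distant expiry. The seven-day limit, the read/list allowance and the sample README with its placeholder account and signature are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed review policy for this example (not Microsoft's scanner rules).
MAX_REMAINING = timedelta(days=7)   # longest acceptable time left before expiry
READ_ONLY = set("rl")               # read and list; any other permission is flagged

def audit_sas_url(url, now):
    """Return findings for one URL, or None if it carries no SAS token."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q or "sp" not in q:
        return None
    findings = []
    extra = sorted(set(q["sp"]) - READ_ONLY)
    if extra:
        findings.append("grants more than read/list: " + "".join(extra))
    if "srt" in q or "ss" in q:  # fields that only appear in an account SAS
        findings.append("account SAS: scope is not limited to one container or blob")
    if "se" not in q:
        findings.append("no expiry in URL (set by a stored access policy, if any)")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only values are treated as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > MAX_REMAINING:
            findings.append("expires %s, beyond policy" % expiry.date())
    return findings

def scan_text(text, now):
    """Map each SAS URL found in text to its list of findings."""
    hits = {}
    for url in re.findall(r"https://[^\s\"'<>)]+", text):
        result = audit_sas_url(url, now)
        if result is not None:
            hits[url] = result
    return hits

# Constructed sample input: placeholder account, containers and signature.
SAMPLE_README = """
Models: [download](https://exampleacct.blob.core.windows.net/models?sv=2021-08-06&ss=b&srt=sco&sp=rwdlac&se=2040-01-01T00:00:00Z&sig=CONSTRUCTED)
Notes: https://exampleacct.blob.core.windows.net/docs/notes.txt?sv=2021-08-06&sr=b&sp=r&se=2023-09-21T00:00:00Z&sig=CONSTRUCTED
Docs: https://example.com/help?page=2
"""

if __name__ == "__main__":
    now = datetime(2023, 9, 20, tzinfo=timezone.utc)
    for url, findings in scan_text(SAMPLE_README, now).items():
        print(url.split("?")[0], findings or ["no policy findings"])
```

A SAS URL with no policy findings is still a credential; any hit in a public repository should be revoked and reissued.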
GitLab has released security updates for application developers who use the platform. It closes a critical security vulnerability. Users are strongly urged to update their GitLab installations.
Finally, the U.S. Department of Homeland Security has recommended Washington streamline the way American critical infrastructure providers report cyber incidents to the Cybersecurity and Infrastructure Security Agency. The goal is not only to make it easier for companies to report breaches, but also to help the government identify trends in attacks. Congress will also have to change some laws. It’s a complex recommendation for simplifying things, so there’s a link to the document here.