A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more.
Welcome to Cyber Security Today. It’s Monday, September 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Threat actors continue to exploit flaws in WordPress plugins to get into sites hosted on the content management system. The latest example is a backup utility called BackupBuddy. According to researchers at Wordfence, the vulnerability lets unauthenticated users download files stored in WordPress. BackupBuddy users may have had their WordPress sites attacked as early as August 26th. Administrators should be running version 8.7.5 of BackupBuddy. They should also be looking for signs of possible compromise.
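One practical way to act on that advice is to confirm which version of a plugin is actually installed rather than trusting the dashboard. The script below is an added example, not code from the report, from Wordfence or from the BackupBuddy project. It reads the standard WordPress plugin header (the `Plugin Name:` and `Version:` lines at the top of a plugin's main PHP file), compares the installed version against a minimum patched release, and generalizes to a table of several plugins at once. The sample headers are constructed, the plugin directory slug `backupbuddy` and the main-file name `<slug>/<slug>.php` are assumptions, and the minimum for BackupBuddy is the 8.7.5 release named above.

```python
import os
import re

# Minimum patched release for each plugin slug we care about.
# The BackupBuddy value is the 8.7.5 release named in the report.
MINIMUM_VERSIONS = {"backupbuddy": "8.7.5"}


def parse_plugin_header(text):
    """Extract 'Plugin Name' and 'Version' from a WordPress plugin header comment.

    Handles both the plain '/* ... */' style and the ' * Key: value' style.
    """
    fields = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(r"^\s*\*?\s*" + re.escape(key) + r":\s*(.+?)\s*$",
                      text, re.MULTILINE)
        if m:
            fields[key] = m.group(1)
    return fields


def version_key(version):
    """Turn '8.7.4.1' into (8, 7, 4, 1).

    Only the leading digits of each dot-separated component count, so a
    pre-release suffix such as '5-beta' is treated as 5.
    """
    parts = []
    for component in version.split("."):
        digits = re.match(r"\d+", component)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_below(installed, minimum):
    """True if installed < minimum, padding short versions (8.7 < 8.7.5)."""
    a, b = version_key(installed), version_key(minimum)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def outdated_plugins(plugin_headers, minimums=MINIMUM_VERSIONS):
    """Given {slug: header_text}, return {slug: (installed, required)} for every
    plugin that is below its minimum patched version or has no parsable version."""
    findings = {}
    for slug, text in plugin_headers.items():
        required = minimums.get(slug)
        if required is None:
            continue
        installed = parse_plugin_header(text).get("Version")
        if installed is None or is_below(installed, required):
            findings[slug] = (installed, required)
    return findings


def load_plugin_headers(wp_content_dir):
    """Read the header of each plugin under wp-content/plugins.

    Assumption: the main file is <slug>/<slug>.php. Many plugins follow that
    convention but not all, so unmatched directories are skipped.
    """
    headers = {}
    plugins_dir = os.path.join(wp_content_dir, "plugins")
    for slug in os.listdir(plugins_dir):
        main = os.path.join(plugins_dir, slug, slug + ".php")
        if os.path.isfile(main):
            with open(main, encoding="utf-8", errors="replace") as f:
                headers[slug] = f.read(8192)  # the header sits at the top
    return headers


# Constructed sample headers (not real files): one outdated, one not tracked.
SAMPLE_HEADERS = {
    "backupbuddy": "<?php\n/*\nPlugin Name: BackupBuddy\nVersion: 8.7.4.1\n*/\n",
    "other-plugin": "<?php\n/**\n * Plugin Name: Other Plugin\n * Version: 1.2.0\n */\n",
}

if __name__ == "__main__":
    # Replace SAMPLE_HEADERS with load_plugin_headers("/var/www/html/wp-content")
    # to check a real installation.
    for slug, (installed, required) in outdated_plugins(SAMPLE_HEADERS).items():
        print(f"{slug}: installed {installed}, update to {required} or later")
```

Run it against a live site by pointing `load_plugin_headers` at the `wp-content` directory; the version comparison is numeric per component, so `8.7.10` correctly sorts above `8.7.5` where a plain string comparison would not.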
Attention Linux administrators: new malware targeting devices of all kinds running Linux has been discovered. Researchers at AT&T call the malware Shikitega, after the similarly named encoder the package uses. The researchers don’t say how devices are initially infected, but a successful attacker can gain full control of the infected system, including installing a cryptocurrency miner. This malware can attack anything running Linux, including desktops, servers, sensors and industrial control systems. Linux administrators are urged to protect systems against infection by keeping software patched with security updates and by installing antivirus or endpoint detection and response software on all endpoints.
More than US$30 million in cryptocurrency stolen by North Korea-based threat actors has been seized by law enforcement agencies. That’s according to blockchain analysis provider Chainalysis. It worked with several companies and unnamed police departments that were able to freeze digital currencies taken from online exchanges, games and businesses that use cryptocurrencies. With the funds frozen, the thieves can’t cash out. The investigation started after the theft in March of more than US$600 million in cryptocurrency from the Ronin Network, a cryptocurrency bridge used for a blockchain-based game. Some of that money was laundered through a service called Tornado Cash. Shortly after that theft, Tornado Cash was sanctioned by the U.S. Treasury Department for being abused by threat actors trying to cash out cryptocurrency.
Last week the Coinbase cryptocurrency exchange said it is funding a legal challenge to the sanctioning of Tornado Cash. It argues the government should go after bad individuals, not a technology.
Attention medical IT specialists: if you have Baxter Sigma Spectrum Infusion Pumps in your environment, watch for security updates and mitigations from the company. This comes after researchers at Rapid7 discovered vulnerabilities in the devices and in the Wi-Fi-connected battery units they use. One mitigation is to restrict physical access to these infusion pumps. Another is to monitor the network traffic of these pumps for unauthorized activity.
Finally, the U.S. Treasury Department has added Iran’s intelligence minister and the country’s Ministry of Intelligence and Security to its sanctions list for being behind cyber attacks against the United States and its allies. This comes after threat actors believed to be sponsored by the ministry disrupted Albanian government computer systems. That government was forced to suspend online public services for its citizens. The U.S. says the Iranian intelligence ministry supports a threat group known to security researchers as MuddyWater and a group dubbed APT39. The sanctions mean that all property and interests of the minister and his department that are subject to U.S. jurisdiction are blocked.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.