Cyber Security Today, May 6, 2022 – Hacking helped by infected removable storage devices, corporate espionage, and more


Hacking helped by infected removable storage devices, corporate espionage, and more. Welcome to Cyber Security Today. It’s Friday May 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Threat groups often compromise companies by getting an employee to click on an infected email, or they worm their way in by exploiting vulnerabilities in internet-connected applications. But infections through compromised removable storage drives, like USB keys, are still used. Researchers at Red Canary recently discovered a number of infections in technology and manufacturing companies that appear to have started with someone plugging in an infected removable drive. That led to the downloading of malicious files. It isn’t known which threat group is behind this, their motives or how the devices got plugged into victims’ IT networks – by employees or by someone getting past security. There’s a link to the full report in the text version of this podcast for IT teams who want to learn more.

Separately, researchers at Cybereason released a report into corporate espionage against technology and manufacturing companies. These attacks are believed to be the work of a Chinese-based threat group. Cybereason calls the group Winnti, but other researchers call it APT41 or Barium. The campaign to steal intellectual property, like product designs, has been quietly going on since 2019. Victim firms are in North America, East Asia and Western Europe. Often the hackers get into victims’ IT systems through vulnerabilities in their enterprise resource planning platforms, meaning those systems have to be fully patched against compromise.

Another report has been issued arguing unpatched Log4j2 vulnerabilities are more widespread than security experts think. The conclusion comes from researchers at Cequence Security. They found unpatched applications with the vulnerability buried in the applications of their customers. Sometimes repeated scans for the Log4j2 vulnerability showed different results, with the number of systems rising or falling for each scan. Organizations need to be aware of how deeply embedded the Log4j component is in their digital supply chain, says the report.
Someone was clumsy handling a database of personal information gathered by a user of an Indian debt collection application. The database was created by an ElasticSearch of company-held information of customers but was left open on the internet. Open until security researchers at UpGuard came upon it. It had information about loans of thousands of people from multiple Indian and African financial services companies. That was bad. Whoever created the database didn’t know how to properly secure it. Just as bad was that UpGuard got no reaction from the company after six days of trying. Only after India’s Computer Emergency Response Team was notified did the company get the message.

Finally, two major IT companies have issued important security patches you need to know about: F5 Networks has issued updates for recent versions of its BIG-IP application delivery controllers. A vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port to execute system commands, create or delete files, or disable services.

And Cisco Systems has issued fixes for its Enterprise NFV Infrastructure Software for virtualizing network services. Multiple vulnerabilities could allow an attacker to escape from the guest virtual machine to the host server. After that they could inject commands that execute at the root level, or leak system data from the host to the virtual machine.

That’s it for this edition. Remember later today the Week in Review podcast will be out. Guest David Shipley and I will talk about the end of passwords, wiperware, why companies subscribing to software-as-a-service applications aren’t using their security controls and the obligations of organizations to notify regulators about cyber attacks.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
The post Cyber Security Today, May 6, 2022 – Hacking helped by infected removable storage devices, corporate espionage, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

