Cyber Security Today, July 20, 2022 – An anonymous service that can get you hacked, infected online restaurant platforms, a Mac backdoor discovered, and more


An anonymous service that can get you hacked, infected online restaurant platforms found, a Mac backdoor discovered, and more.

Welcome to Cyber Security Today. It’s Wednesday July 20th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


Looking for ways to be anonymous on the internet? Be careful: A bad choice may lead to your business or home computer being hacked, or to your system being used to hide criminal activity. That’s the warning from researchers at the University of Sherbrooke, Quebec. In a recent report they show that residential proxy services can be abused by threat actors. A residential proxy service allows an individual or a business to rent a residential IP address to relay communications from an original address. That way the user’s internet traffic appears to come from the rented IP address, not their real address. Businesses, universities, government departments and police forces may legitimately use this service for doing market surveys, search engine optimization or other reasons. Individuals may want to rent a residential IP address to keep from being identified going to adult or gambling sites or blocked movie sites. The thing is, the researchers point out, some home users may be tricked into letting their residential IP address be used as a proxy. One way is by signing up for a so-called free VPN service. What these customers don’t know is it may be run by scammers. Victims install software on their computers that’s supposed to be a VPN. But it also hijacks their IP address to be rented, or abused, by others. The research serves as a warning to governments, businesses and individuals to carefully research services before they sign up.

Three American-based online ordering platforms used by hundreds of restaurants have been hacked with malware that skims off the names and payment card information of customers. According to researchers at Recorded Future, at least 311 restaurants using the MenuDrive, Harbortouch and InTouchPOS web applications were victimized. That led to the copying of over 50,000 compromised payment card records. Those records have been posted for sale on the dark web. The malicious domain being used in the MenuDrive and Harbortouch attacks has been blocked since May 26th. However, the domains behind the InTouchPOS infections are still active. Compromising restaurant online ordering platforms with JavaScript-based data-skimmers — known as a Magecart attack — is common: Last year Recorded Future found five other platforms that had been hacked. The problem is that end-user website security scanners may not discover a platform compromise. That’s why online e-commerce platform developers have to carefully scan their code for unapproved additions. That means having a careful inventory of code for version control.
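As an added illustration of the code-inventory check described above (not code from Recorded Future or any of the platforms named), this Node.js sketch audits a served ordering page against an approved script inventory and reports any script host or inline script that is not on it. The host names, the inventory and the sample page are constructed for the example.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Pull every <script> element out of the HTML: external ones by their src,
// inline ones by the SHA-256 of their (trimmed) body.
function extractScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (src) out.push({ kind: 'external', src: src[1] });
    else if (m[2].trim()) out.push({ kind: 'inline', hash: sha256(m[2].trim()) });
  }
  return out;
}

// Compare what the page actually serves with the approved inventory.
function auditPage(html, pageUrl, inventory) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.kind === 'external') {
      // Resolves relative and protocol-relative URLs against the page URL.
      const host = new URL(s.src, pageUrl).host;
      if (!inventory.hosts.includes(host)) findings.push({ type: 'unapproved-host', detail: host });
    } else if (!inventory.inlineHashes.includes(s.hash)) {
      findings.push({ type: 'unapproved-inline', detail: s.hash.slice(0, 12) });
    }
  }
  return findings;
}

// Constructed sample data: an inventory taken from version control and a page
// that has gained one external and one inline script since the release.
const PAGE_URL = 'https://order.example.test/menu';
const INVENTORY = {
  hosts: ['order.example.test'],
  inlineHashes: [sha256('initCart();')],
};
const SAMPLE_PAGE = `<html><head>
<script src="/js/menu.js"></script>
<script>initCart();</script>
<script src="https://cdn.example.invalid/lib.js"></script>
<script>console.log("added after release");</script>
</head></html>`;

console.log(auditPage(SAMPLE_PAGE, PAGE_URL, INVENTORY));
```

A check like this only covers scripts present in the static HTML; scripts injected at runtime need a browser-side control such as a Content Security Policy.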

Microsoft is warning developers using the Azure Arc Jumpstart application to not re-use login credentials for an Arc project in any other Azure environment. That’s because until recently those credentials were stored in plaintext in a log file that is readable by any user on an Arc system. The vulnerability was discovered by researchers at Tenable. For those who don’t know, Arc is a bridge for building cloud applications and services in Azure. Jumpstart is an environment to help developers jumpstart their work. A careless developer who reuses credentials in an Arc project could help an attacker get into other parts of an Azure environment.

Another threat to Macintosh users has been discovered. Researchers at ESET say the macOS backdoor leads to the installation of malware that can copy documents and user keystrokes, as well as take screen captures. ESET has dubbed this spyware CloudMensis. It can’t say how Macs are initially compromised. But a key part of an attack needs a threat actor to gain administrative privileges over a compromised machine. That allows the downloading and installation of the second stage of the attack. Access to screen captures, cameras, microphones and keyboard events is usually protected by the macOS Transparency, Consent and Control system. However, CloudMensis can bypass this protection. So far there have been limited signs of distribution, which suggests this spyware is being very targeted. One defence is making sure your Mac is fully patched.

Finally, administrators using routers and switches from Juniper Networks should know that last week the company published 21 security advisories about vulnerabilities that need to be patched. Some are in the Junos OS operating system, while others are in third-party components such as Nginx, OpenSSL, Samba, JavaSE, SQLite and Linux.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, July 20, 2022 – An anonymous service that can get you hacked, infected online restaurant platforms, a Mac backdoor discovered, and more first appeared on IT World Canada.

Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
