Cyber Security Today, Sept. 12, 2022 – A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more


Welcome to Cyber Security Today. It’s Monday, September 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


Threat actors continue to use flaws in WordPress plugins to get into services hosted by the content manager. The latest example is a backup utility called BackupBuddy. According to researchers at Wordfence, the vulnerability makes it possible for unauthenticated users to download files stored in WordPress. BackupBuddy users may have had their WordPress sites attacked as early as August 26th. Administrators should be running version 8.7.5 of BackupBuddy. They should also be looking for signs of possible compromise.

Attention Linux administrators: New malware targeting devices of all kinds running Linux has been discovered. Researchers at AT&T call the malware Shikitega, a name taken from the similarly named encoder the package uses. Researchers don’t say how devices get initially infected. But a successful attacker can gain full control of the infected system, including depositing a cryptocurrency miner. This malware can attack anything running Linux, including desktops, servers, sensors and industrial control systems. Linux administrators are urged to protect systems against infection by keeping software patched with security updates and installing antivirus or endpoint detection and response software on all endpoints.

More than US$30 million in cryptocurrency stolen by North Korean-based threat actors has been seized by law enforcement agencies. That’s according to blockchain provider Chainalysis. It worked with several companies and unnamed police departments that were able to freeze digital currencies taken from online exchanges, games and businesses that use cryptocurrencies. With the funds frozen, the thieves can’t cash out. The investigation started after the theft in March of more than US$600 million in cryptocurrency from the Ronin Network, a cryptocurrency bridge used for a blockchain-based game. Some of that money was laundered through a service called Tornado Cash. Shortly after that theft, Tornado Cash was sanctioned by the U.S. Treasury Department for being abused by threat actors trying to cash out cryptocurrency.

Last week the Coinbase cryptocurrency exchange said it is funding a legal challenge to the sanctioning of Tornado Cash. It argues the government should go after bad individuals, not a technology.

Attention medical IT specialists: If you have Baxter Sigma Spectrum Infusion Pumps in your environment, watch for security updates and mitigations from the company. This comes after the discovery by researchers at Rapid7 of vulnerabilities in the devices and in the battery units they use, which connect to a Wi-Fi network. One mitigation is to restrict physical access to these infusion pumps. Another is to monitor network traffic connected to these pumps for unauthorized activity.

Finally, the U.S. Treasury Department has added Iran’s intelligence minister and the country’s Ministry of Intelligence and Security to its sanctions list for being behind cyber attacks against the United States and its allies. This comes after threat actors believed to be sponsored by the ministry disrupted Albanian government computer systems. That government was forced to suspend online public services for its citizens. The U.S. says the Iranian intelligence ministry supports a threat group known to security researchers as MuddyWater and a group dubbed APT39. The sanctions mean that all property and interests of the minister and his department that are subject to U.S. jurisdiction are blocked.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 12, 2022 – A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more first appeared on IT World Canada.

Howard Solomon
https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
