Cyber Security Today, Sept. 20, 2023 – A new online card-skimming campaign, new WinServer backdoors and more


A new online card-skimming campaign, new WinServer backdoors and more.

Welcome to Cyber Security Today. It’s Wednesday, September 20th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


A new debit and credit card skimming operation targeting online businesses is spreading. Researchers at BlackBerry say the campaign — which they call Silent Skimmer — is mainly picking off victims in the Asia-Pacific region. But it has also hit e-commerce operators in Canada and the U.S. The threat actor exploits vulnerabilities in web applications, particularly those on web servers running Microsoft’s Internet Information Services. After initial compromise the attacker escalates their access privileges so they can deploy a data scraper in the online payment checkout service. Retailers who use Microsoft IIS servers to host their e-commerce solutions should improve their security.

A threat actor is distributing a new family of malware that installs two backdoors on Windows servers. Researchers at Cisco Systems say these weapons have been used against telecom providers in the Middle East. But they could also be used against telcos anywhere in the world. The implants try to evade detection by masquerading as components of Palo Alto Networks’ Cortex XDR application. An infosec staffer looking for something suspicious might miss these backdoors because they look like something from a legitimate security company. The report doesn’t say how servers are likely compromised. Telcos are targeted by nation-states and others either to disrupt a country’s communications or as a gateway to attacking corporate or government customers.

Cleaning products manufacturer Clorox is still struggling after sustaining a cyber attack last month. In a regulatory filing the company that makes Pine-Sol, Liquid Plumr and other products said there are still some product availability issues as it continues to repair its IT infrastructure.

Thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability. The new tactic was discovered by researchers at VulnCheck, who say an attacker could run commands without creating a file on a system. Juniper administrators should look for and install a patch.

October Security Awareness Month is less than two weeks away. But in cybersecurity there are daily examples of apparent lapses or a failure to reinforce security awareness training. The latest example is a slip by a Microsoft employee who shared a potentially dangerous URL in a publicly available GitHub repository. The idea was to share information on AI learning modules. But the URL included an overly permissive shared access signature token to a 38 TB Microsoft Azure storage account. That account included the backups of two former employees’ workstations as well as internal Microsoft Teams messages of these employees. Luckily, no customer data was involved. The error was spotted by researchers at Wiz. Microsoft owns GitHub and has a scanning service that should detect secrets like shared access signature tokens. In fact it did — but it marked it as a false positive. The system now correctly scans for tokens like this with overly permissive expirations or privileges.
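As an added illustration (not code from Microsoft, GitHub or Wiz), here is the kind of pre-publish check that flags a shared access signature URL with broad privileges or a long expiry before it lands in a repository. The 7-day lifetime limit, the read/list baseline, the function names and the sample URLs are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)   # assumed policy threshold, not from the article
READ_ONLY = set("rl")              # read + list; other letters allow changes
URL_RE = re.compile(r"https://[^\s\"'<>)]+")

def audit_sas_url(url, now):
    """Return findings for one URL, or [] if it carries no SAS token."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q or "se" not in q:      # no signature/expiry: not a SAS URL
        return []
    findings = ["SAS token present in text"]
    extra = set(q.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("permissions beyond read/list: " + "".join(sorted(extra)))
    if "ss" in q and "srt" in q:             # account SAS, not scoped to one resource
        findings.append("account-level SAS (ss=%s, srt=%s)" % (q["ss"], q["srt"]))
    try:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:            # date-only expiry: treat as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > MAX_LIFETIME:
            findings.append("expires %d days from now" % (expiry - now).days)
    except ValueError:
        findings.append("unparseable expiry: " + q["se"])
    return findings

def scan_text(text, now):
    """Map each SAS-bearing URL found in text to its findings."""
    hits = {}
    for url in URL_RE.findall(text):
        findings = audit_sas_url(url, now)
        if findings:
            hits[url] = findings
    return hits

# Constructed README excerpt; account name, dates and signatures are placeholders.
BROAD = ("https://exampleacct.blob.core.windows.net/models/?sv=2021-08-06"
         "&ss=b&srt=sco&sp=rwdlacup&se=2040-01-01T00:00:00Z&sig=PLACEHOLDER")
SCOPED = ("https://exampleacct.blob.core.windows.net/models/a.bin?sv=2021-08-06"
          "&sr=b&sp=r&se=2023-09-22T00:00:00Z&sig=PLACEHOLDER")
SAMPLE = "Models: %s\nDocs: https://example.com/docs?page=2\nFile: %s\n" % (BROAD, SCOPED)
NOW = datetime(2023, 9, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url, findings in scan_text(SAMPLE, NOW).items():
        print(url.split("?")[0], findings)
```

Any SAS URL in public text is reported; the extra findings separate a short-lived, read-only link from one that grants account-wide write access for years.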

GitLab has released security updates for application developers who use the platform. It closes a critical security vulnerability. Users are strongly urged to update their GitLab installations.

Finally, the U.S. Department of Homeland Security has recommended Washington streamline the way American critical infrastructure providers report cyber incidents to the Cybersecurity and Infrastructure Security Agency. The goal is not only to make it easier for companies to report breaches, but also to help the government identify trends in attacks. Congress will also have to change some laws. It’s a complex recommendation for simplifying things, so there’s a link to the document here.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 20, 2023 – A new online card-skimming campaign, new WinServer backdoors and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

