Cyber Security Today, Jan. 19, 2024 – Vulnerabilities found in server firmware, a warning to Docker administrators, and more


Welcome to Cyber Security Today. It’s Friday, January 19th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Nine vulnerabilities have been found in an open-source reference implementation of a protocol that allows enterprise computers and data centre servers to boot across a network. If exploited, these holes could lead to data theft, denial of service attacks and other ugly things. Researchers at Quarkslab say the problems are in the TCP/IP stack specification maintained by Tianocore, a community of developers from software vendors including Microsoft, ARM, American Megatrends, Phoenix Technologies and others that use the project for their firmware implementations. Carnegie Mellon University’s Computer Emergency Response Team (CERT) says IT leaders should look for and install firmware updates from their equipment manufacturers. They should also consider disabling a capability called PXE boot, sometimes called Pixie boot.

Separately, the Carnegie CERT issued a warning that general-purpose graphics processors from AMD, Apple and Qualcomm have a memory leak vulnerability. The hole, discovered by researchers at Trail of Bits, means an attacker with access to a GPU programmable interface can dump local memory. IT managers should watch for security updates from their hardware makers.

Button up your Docker containers. That’s the advice from researchers at Cado Security. Their honeypot recently attracted a piece of malware hunting for vulnerable Docker services. It installs a cryptominer as well as an application called 9hits that threat actors can use to run their attacks from the compromised container. It isn’t clear how this Docker malware is being spread. But the report makes it clear that exposed Docker hosts are a risk to organizations that use them.

American cybersecurity authorities have issued an advisory to help defenders fight the Androxgh0st malware. A threat group has used this malware to create a botnet to steal login credentials for Amazon Web Services, Microsoft Office 365, SendGrid, Twilio and more. Targets also include websites that use the Laravel web application framework and web servers running certain versions of Apache HTTP Server. The advisory includes indicators of compromise defenders should watch for.

The pressure on IT security leaders in the financial services sector won’t let up this year. That’s according to researchers at Abnormal Security. They note in a report this week that firms in this sector get about 200 advanced phishing attacks per 1,000 mailboxes each week. One of the most common tactics used by threat actors is impersonating a business provider, like a supplier or a software company, and demanding payment for an invoice. Last year that type of attack went up 137 per cent compared to 2022.

Finally, Middle Eastern affairs experts at universities and think tanks should be careful replying to emails. According to Microsoft, they’re being targeted by an Iranian-based threat group it calls Mint Sandstorm. Typically the gang uses custom phishing lures to trick targets into downloading malicious files and gain access to their computers through a backdoor.

Later today the Week in Review podcast will be available. On this show guest commentator David Shipley and I will discuss the recent takeovers of poorly secured accounts on the X platform, and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Jan. 19, 2024 – Vulnerabilities found in server firmware, a warning to Docker administrators, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
