A new ransomware data extraction tool is discovered, a warning that a proof-of-concept exploit in Github may not be safe, and more.
Welcome to Cyber Security Today. It is Monday, October 24, 2022. I’m Howard Solomon, a contributing reporter on cybersecurity for ITWorldCanada.com.
Many ransomware gangs initially use attachments to get into the target’s network. They are just as crafty as their fellow ransomware developers and often create custom tools to aid in their work. The latest example is the discovery of a new data exfiltration tool called Exbyte by researchers at Symantec. It is usually deployed before the BlackByte strain of ransomware is installed. Thanks to the work of these researchers, there are indicators of compromise that security and IT teams can watch for. The text version of this podcast has a link to their report.
Threat actors are still trying to exploit unpatched holes in VMware’s Workspace ONE Access and Identity Manager. The warning comes from researchers at Fortinet, who have released an analysis of some of these attempts. VMware administrators have no reason not to patch this application: the security update was released in April.
Attention IT administrators using Microsoft Azure to run applications: you need to install a patch Microsoft released earlier this month to close a vulnerability in Service Fabric Explorer (SFX). SFX monitors and manages cloud applications and the nodes in a Service Fabric cluster. The hole allows an attacker to gain full administrative privileges on a cluster. It was discovered by researchers at Orca Security, who note that it affects version 1 of SFX. Administrators should ensure they are running version 2.
Application developers using the open-source GitHub repository have been warned for months about the risk of malicious packages. Now comes a warning that proof-of-concept exploits uploaded to GitHub can carry hidden vulnerabilities. The work was done by researchers at the Leiden Institute of Advanced Computer Science and presented at a conference in the Netherlands last week. Proof-of-concepts help developers learn how hackers exploit holes in code. But the research suggests that some threat actors are using GitHub as a place to plant vulnerabilities on developers’ computers by hiding them in proof-of-concept exploits. GitHub, like other open code repositories, does not guarantee that any code – be it an application library or a proof of concept – is trustworthy. A researcher who also works for Darktrace told the Bleeping Computer news site that developers should carefully scrutinize any proof of concept they download, from any source. A hint: be suspicious if the code is too vague or takes too long to analyze manually. Another tip: use open-source intelligence tools like VirusTotal to analyze any open-source binaries.
IT and security leaders, it is important to know what your applications contain in order to judge their level of risk. Last week Google announced a way to help: it has created a project called Graph for Understanding Composition, or GUAC for short. The goal is to help developers create metadata about their applications that describes software builds, security and dependencies. There are already many efforts in this area, such as attesting how software was created (known as SLSA) and software bill of materials generators. However, Google says it is difficult to combine and synthesize that information into a comprehensive view. GUAC will bring together various sources of software security metadata into a graph database. It is an open-source project on GitHub, and Google is looking for contributors.
Here’s how this may help you. It took a few days for hackers to begin trying to exploit a vulnerability in the open-source Apache Commons Text library, which some developers use in their applications. I told you about this hole – now nicknamed Text4Shell – last Wednesday. A few days later researchers at Wordfence said they began seeing threat actors scanning for vulnerable applications. This vulnerability is not as bad as Log4Shell, but Text4Shell still needs to be addressed.
Finally, international acceptance of cybersecurity rating systems for smart consumer products is progressing. Last week Singapore and Germany agreed to accept each other’s cyber security rating systems. Finland has a similar agreement with Singapore, where the idea originated. And at a White House conference last week, the Biden administration encouraged the U.S. tech industry to come up with similar but voluntary labeling standards next year. In the U.S. concept, consumers could scan a bar code on items such as internet routers, internet-connected speakers, home robots and home automation hubs to see the device’s security rating: whether it will receive security updates, whether only limited personal data is collected, whether that data is encrypted, and so on.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or join us in a Flash Briefing on your smart speaker.