This Week in Security News – February 25, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how to protect your organization from cyberattacks targeting open-source servers. Also, read about the most recent cyberattack warnings following Biden’s sanctions on Russia.
Read on:
Recent Cyberattacks Increasingly Target Open-source Web Servers
As organizations reeled from the Log4Shell vulnerability (CVE-2021-44228), cyberattacks aiming at open-source web servers, like Apache HTTP Server, were rapidly rising. Malicious actors take advantage of people’s reliance on web servers to perform attacks like remote code execution (RCE) or access control bypass, denial of service (DoS). To protect enterprises against malicious activities, we need more than just timely patches.
Minutes after President Joe Biden announced new sanctions on Russian banks and elites, a senior FBI cyber official asked US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis between the Kremlin and Ukraine deepens.
SMS PVA Part 1: Underground Service for Cybercriminals
In recent years, SMS verification has been implemented by major Internet platforms and services as means of human verification during account creation. However, this very same function that makes our beloved smartphones a tool for security verification and authentication is now being abused by cybercriminals. In this three-part blog entry, Trend Micro will explore what SMS PVA is and its threats and impacts on various sectors.
Great Resignation Shines a Spotlight on Insider Threats
As the so-called Great Resignation seems to still be in full swing, one critical topic is often left out of conversations — cybersecurity concerns specific to the employee exodus. However, security practitioners and analysts warn that insider threats tied to the Great Resignation can pose a substantial risk to organizations.
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic. Trend Micro dives into old iterations of this malware, and analyzes the newest version. Coinminers are one of the more profitable types of malware for malicious actors, and they require little maintenance once installed on a victim’s device. The malicious actor can have a coinminer masquerade itself as a legitimate app, trick susceptible users into running it on their systems, and just wait for the profits to roll in.
Samsung Screwed Up Encryption On 100M Phones
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the devices’ hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that’s found in smartphones.
Trend Micro takes a closer look at the operations of Clop, a prolific ransomware family that has gained notoriety for its high-profile attacks. This spotlight reviews Clop’s constantly changing schemes and discusses how companies can shore up defenses against this threat.
EU To Mobilize Cyber Team to Help Ukraine Fight Russian Cyberattacks
The European Union will activate a team of cybersecurity experts to help Ukraine fight off cyberattacks from Russia. The EU’s Cyber Rapid Response Team includes around 10 national cybersecurity officials from six European countries — Croatia, Estonia, Lithuania, the Netherlands, Poland and Romania — who can provide assistance to countries under cyberattack. The team falls under the EU’s defense cooperation program PESCO; it will be its first deployment.
New Data-Wiping Malware Discovered on Systems in Ukraine
Researchers at ESET reported the discovery of new data-wiping malware on hundreds of systems in Ukraine that, in at least one case, infiltrated the victim’s Microsoft Active Directory server. The reports came as the US government has continued its crescendo of warnings to US organizations to prepare for major cyberattacks out of Russia amid its invasion of Ukraine and possible retaliation for US economic sanctions on Russia.
Have you noticed the increase in recent open-source attacks? Follow me on Twitter to continue the conversation: @JonLClay.
Read More HERE