
USB malware spikes, Honeywell vulnerabilities, ransomware still profitable

USB drive malware attacks spiking again in first half of 2023

A new report by Mandiant outlines two USB-delivered malware campaigns observed this year: one named ‘Sogu,’ attributed to the Chinese espionage threat group ‘TEMP.HEX,’ and another named ‘Snowydrive,’ attributed to UNC4698, which targets oil and gas firms in Asia. Last November, Mandiant highlighted a China-nexus campaign leveraging USB devices to infect entities in the Philippines with four distinct malware families, and in January, Palo Alto Networks’ Unit 42 team uncovered a PlugX variant that could hide in USB drives and infect the Windows hosts they are connected to. While USB attacks require physical access to the target computers to achieve infection, they have unique advantages that keep them both relevant and trending in 2023, as Mandiant reports. The advantages include bypassing security mechanisms, stealth, initial access to corporate networks, and the ability to infect air-gapped systems that are isolated from unsecured networks for security reasons. Mandiant’s investigation points to print shops and hotels as infection hotspots for USB malware, although any system with a USB port could be a target.

(Bleeping Computer)

Users of Honeywell Experion DCS platforms urged to patch 9 vulnerabilities immediately

Armis and Honeywell jointly disclosed yesterday a package of 9 new vulnerabilities dubbed Crit.IX (as in critical plus the Roman numeral 9), which Armis researchers found in the Honeywell Experion® DCS platforms. Seven of these flaws are rated critical. They could allow unauthorized remote code execution on both legacy versions of the Honeywell server and on the controllers. Exploitation of these vulnerabilities does not require authentication, only network access to the targeted devices, so potentially any compromised IT, IoT, or OT asset on the same network as the DCS devices could be leveraged for an attack. Honeywell has made security patches available and strongly advises all affected customers to patch immediately. A CISA advisory is anticipated shortly.

(ITSecurity Guru and Armis)

Ransomware gangs have extorted $449 million this year: Chainalysis

This number represents a near-record profit in the first six months of the year, although the total might actually be much higher, since the research only looks at cryptocurrency wallets being monitored by the firm. If the trends continue, ransomware groups are on pace to bring in nearly $900 million in 2023, only $40 million behind the peak of $939.9 million seen in 2021. Eric Jardine, cybercrimes research lead at Chainalysis, told Recorded Future News that a number of factors are contributing to ransomware’s resurgence, including the return of “big game hunting” — where ransomware gangs target large corporations in the hopes of garnering massive ransoms.

(The Record)

Popular WordPress security plugin caught logging plaintext passwords

The All-In-One Security (AIOS) WordPress plugin appears to be logging plaintext passwords from login attempts. Installed on more than one million WordPress sites, the security and firewall plugin was designed to prevent cyberattacks such as brute-force attempts, warn when the default admin username is used for login, prevent bot attacks, log user activity, and eliminate comment spam. It was discovered that AIOS version 5.1.9 writes plaintext passwords from login attempts to the database, which essentially provides any privileged user with access to the login credentials of all other administrator users. The issue was identified roughly two weeks ago, when users started complaining about the insecure design flaw on the plugin’s support forums. Earlier this week, the Updraft team maintaining the plugin released AIOS version 5.2.0 to address the issue and remove the logged passwords from the database.
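As an added illustration that is not AIOS or WordPress code (Python and an in-memory SQLite table stand in for the plugin’s PHP and the WordPress database; the form parameter names, users, passwords and addresses are constructed), the following shows the logging pattern the story describes beside a hardened logger, a scan that finds credentials already stored in an activity-log table, and the cleanup rewrite that removes them:

```python
"""Login-activity logging: the credential-leaking pattern, a hardened version,
and detection/cleanup of rows that already hold passwords.

Added example, not AIOS/WordPress code. Parameter names, users, passwords and
IP addresses below are constructed for illustration."""
import sqlite3
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode

# Constructed sample login attempts (no real users or credentials).
SAMPLE_ATTEMPTS = [
    {"user": "admin",  "password": "Tr0ub4dor&3",   "ip": "203.0.113.7",  "success": True},
    {"user": "admin",  "password": "wrongpass1",    "ip": "198.51.100.9", "success": False},
    {"user": "editor", "password": "correct horse", "ip": "203.0.113.8",  "success": True},
]

# Form parameter names that carry credentials. "pwd" is the WordPress login
# form's field; the others are assumed common variants.
CREDENTIAL_PARAMS = ("pwd", "password", "pass")


def make_db():
    """In-memory stand-in for the plugin's activity-log table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE login_log (id INTEGER PRIMARY KEY, ts TEXT, user TEXT, "
        "ip TEXT, success INTEGER, details TEXT)"
    )
    return conn


def _insert(conn, attempt, details):
    conn.execute(
        "INSERT INTO login_log (ts, user, ip, success, details) VALUES (?, ?, ?, ?, ?)",
        (datetime.now(timezone.utc).isoformat(), attempt["user"], attempt["ip"],
         int(attempt["success"]), details),
    )


def log_attempt_vulnerable(conn, attempt):
    """The flaw pattern: the submitted form, password included, is written to
    the table, so any account that can read the log can read every password."""
    details = urlencode({"log": attempt["user"], "pwd": attempt["password"]})
    _insert(conn, attempt, details)


def log_attempt_hardened(conn, attempt):
    """An audit record needs who, from where, when and whether it succeeded.
    The password never reaches the row, on success or on failure."""
    details = urlencode({"log": attempt["user"]})
    _insert(conn, attempt, details)


def find_leaked_passwords(conn):
    """Detection: scan stored details for credential parameters.
    Returns (row id, user, parameter name) tuples; empty means no leak."""
    leaks = []
    for row_id, user, details in conn.execute("SELECT id, user, details FROM login_log"):
        fields = parse_qs(details or "", keep_blank_values=True)
        for name in fields:
            if name.lower() in CREDENTIAL_PARAMS:
                leaks.append((row_id, user, name))
    return leaks


def redact_log_rows(conn):
    """Cleanup: strip credential parameters from every stored row (the kind of
    rewrite a fix has to do for rows logged before it shipped). Returns the
    number of rows changed."""
    changed = 0
    rows = conn.execute("SELECT id, details FROM login_log").fetchall()
    for row_id, details in rows:
        fields = parse_qs(details or "", keep_blank_values=True)
        clean = {k: v for k, v in fields.items() if k.lower() not in CREDENTIAL_PARAMS}
        if len(clean) != len(fields):
            conn.execute("UPDATE login_log SET details = ? WHERE id = ?",
                         (urlencode(clean, doseq=True), row_id))
            changed += 1
    conn.commit()
    return changed


def failed_logins(conn, user):
    """The hardened log still answers the question a login-activity log exists
    for: how many failed attempts a given account has seen."""
    (n,) = conn.execute(
        "SELECT COUNT(*) FROM login_log WHERE user = ? AND success = 0", (user,)
    ).fetchone()
    return n


if __name__ == "__main__":
    vuln = make_db()
    for a in SAMPLE_ATTEMPTS:
        log_attempt_vulnerable(vuln, a)
    print("leaked rows before cleanup:", find_leaked_passwords(vuln))
    print("rows rewritten:", redact_log_rows(vuln))
    print("leaked rows after cleanup:", find_leaked_passwords(vuln))

    safe = make_db()
    for a in SAMPLE_ATTEMPTS:
        log_attempt_hardened(safe, a)
    print("hardened log leaks:", find_leaked_passwords(safe))
    print("failed logins for admin:", failed_logins(safe, "admin"))
```

The hardened logger records nothing derived from the password, not even a hash of a failed attempt, because a failed attempt is often a valid password for some other account. The scan function is also what a site owner would run against an existing log table to decide whether stored credentials need rotating after cleanup.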


Thanks to this week’s episode sponsor, Opal

Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev.

SonicWall fixes multiple critical vulnerabilities

SonicWall has addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine. The company fixed 15 vulnerabilities that were disclosed in a Coordinated Vulnerability Disclosure (CVD) report in conjunction with NCC Group. Four of these vulnerabilities are rated as critical; they can be exploited by an attacker to bypass authentication and potentially expose sensitive information to an unauthorized actor. The vulnerabilities CVE-2023-34124, CVE-2023-34134 and CVE-2023-34137 have CVSS ratings of 9.4, 9.8 and 9.4 respectively. SonicWall is not aware of attacks in the wild exploiting any of the above vulnerabilities and, according to the advisory, no PoC has been made public, but the company is urging organizations using the vulnerable GMS/Analytics On-Prem versions to install the security updates.

(Security Affairs)

Rockwell Automation ControlLogix bugs expose industrial systems to remote attacks

CISA has issued an alert regarding two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). Listed as CVE-2023-3595 and CVE-2023-3596 with CVSS scores of 9.8 and 7.5 respectively, they are both out-of-bounds write flaws that could allow malicious actors to gain remote access to the running memory of the module and perform malicious activity, as well as potentially overwriting any part of the system to fly under the radar and stay persistent.

(The Hacker News)

Microsoft rebrands Azure Active Directory to Microsoft Entra ID

Microsoft announced yesterday that it would change the name of its Azure Active Directory (Azure AD) enterprise identity service to Microsoft Entra ID by the end of the year. Azure AD offers a range of security features, including single sign-on, multi-factor authentication, and conditional access, with Microsoft saying it helps defend against 99.9 percent of cybersecurity attacks. While the standalone license names are also being modified with this rebrand, it will not affect the service’s capabilities, and everything will work just as before the name change. The transition will be finalized by the end of 2023 and requires no customer action.

(Bleeping Computer)

FTC opens investigation into OpenAI over misleading statements

The investigation into the maker of ChatGPT is based on claims that it has run afoul of consumer protection laws by putting personal reputations and data at risk. The agency is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers. One of the questions has to do with the steps OpenAI has taken to address the potential for its products to “generate statements about real individuals that are false, misleading, or disparaging.”


