
Cybersecurity Today, April 11, 2022 - Malware targeting the Spring Java framework, AWS Lambda, and Android apps


Malware targeting the Spring Java framework, AWS Lambda, and Android apps.

Welcome to Cyber Security Today. Today is Monday, April 11, 2022. I'm Howard Solomon, cybersecurity contributing reporter for ITWorldCanada.com.


What does it mean to have a successful security organization? There are three key elements that business leaders identify. Download the AWS-sponsored “Characteristics of High-Performing Security Organizations” eBook at itworldcanada.com/aws

There is a new reason why Java application developers using the Spring Framework need to patch as soon as possible. According to researchers at Trend Micro, unpatched versions of the framework are being exploited to force servers to join the Mirai botnet. This botnet is used to spread denial of service attacks. Two vulnerabilities, called SpringShell or Spring4Shell by some, allow an attacker to remotely access a local or cloud Spring server. Developers are urged to install the upgrades to Spring Framework and Spring Boot. They should also look for signs that their Spring environment has been compromised.

Amazon introduced its serverless AWS Lambda computing platform in 2014 to do things like upload images to S3 instances. Until now, no one had publicly reported seeing malware targeting Lambda. But researchers at the UK's Cado Security have detected malware in Lambda that can run crypto-mining software. It's unclear how the sample they found got into the victim's environment. However, while AWS secures the underlying Lambda execution environment, it is up to users to secure their functions. Keep this in mind if you are using Lambda.

Seven internet domains allegedly used by Strontium, a hacking group associated with the Russian army, have been disabled by Microsoft. The sites were used for attacks against targets in Ukraine, the United States, and the European Union. Microsoft's weapon was a court order that allowed it to take control of the sites. Microsoft says this is part of actions it has taken since 2016 to take over the IT infrastructure used by Strontium. It has taken over more than 100 Strontium-controlled domains so far.

Industrial tool manufacturer Snap-on Inc. began notifying customers and employees last week that some of their personal data had been stolen from a partner firm or a franchisee. This comes after the Conti ransomware gang began publishing data allegedly taken from Snap-on in March, according to the Bleeping Computer news site. The company said it saw suspicious network activity in early March. Stolen data may include names, Social Security Numbers, dates of birth, and employee identification numbers.

Facebook's parent Meta said it took unspecified action against a previously unreported hacking group from Iran targeting energy companies in Canada, Saudi Arabia, Italy and Russia. The group also targeted the semiconductor industry in the US, Israel and Germany, as well as other companies around the world. Tactics included creating fictitious accounts of people posing as recruiters for real and fake companies on LinkedIn, Instagram, Facebook, and Twitter. The gang also created fake and misleading corporate recruitment websites. And it deployed tools such as an interview app with a chat function that works once the victim enters a password for an interview. Doing so enabled malware distribution. Espionage appears to be the purpose of this group. Are you looking for a job online? Be careful.

In January I reported that a former Chinese employee of agriculture giant Monsanto in the US had been convicted of conspiracy to commit economic espionage. He admitted that he copied a predictive algorithm he used in the company's software onto a memory card, then tried to fly to China the day after he left the company in 2017. Last week a US judge sentenced him to 29 months in prison followed by three years of probation.

Also last week, a Ukrainian man was sentenced to five years in prison by a US judge for working for the hacking group FIN7, also called the Carbanak Group or the Navigator Group by threat researchers. Prosecutors said the man designed emails with malware to steal data, including credit and debit card information. He also probed and mapped organizations' IT networks for data theft. The group is believed to have caused more than a billion dollars in losses to American firms alone. The man was arrested in Bangkok in 2019 and extradited to the United States. He is the third member of the gang to be convicted in the US in the last 12 months.

Finally, more malware-infected Android apps have been found in the Google Play store. This time it is six so-called anti-virus apps. They have been deleted from the Play Store, but can still be found in other app stores. According to Check Point Software researchers, these apps have been downloaded at least 15,000 times. As researchers have said before, you should carefully check reviews from other users and from reputable websites before downloading mobile apps.

Note that links to details on podcast stories are in the text version at ITWorldCanada.com.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing from your smart speaker.
