Patch Linux quickly, secure your Totolink routers, news on the new Borat Trojan and more on the Russia-Ukraine cyberwar.
Welcome to Cyber Security Today. Today is Wednesday, April 6. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
IT administrators with Linux systems in their environment are advised to immediately install the latest security patches for their distributions. A serious vulnerability has been discovered in the security module of the operating system. In short, a local attacker with normal user privileges can overwrite kernel heap objects and ultimately elevate their system privileges.
Experts regularly remind businesses and individuals who own Wi-Fi routers to monitor security updates for their devices. Compromised routers and modems are often used to relay and multiply cyberattacks. The latest example was discovered by security researchers at Fortinet. They warn that a botnet of compromised devices called Beastmode has now added to its arsenal the ability to compromise unpatched devices made by Totolink. Beastmode is used by hackers to launch denial of service attacks against websites. The botnet also targets five discontinued models of D-Link routers. Because they are discontinued, they no longer receive security updates. If you or your organization have a router that is more than two years old, check the manufacturer’s website to see if it is still supported. If not, it must be replaced.
IT security teams need to watch out for a new remote access Trojan being used by malicious actors to take control of a user’s system. Called Borat by its developer, this Trojan not only takes over keyboards, activates webcams and steals passwords, it can also be used to launch ransomware and denial of service attacks. It was discovered by researchers at Cyble, which distributes indicators of compromise for IT departments to monitor. According to researchers from the Media Trust, this Trojan is now being sold on the darknet, where attackers can choose whatever options they want to create a package to install on victims’ computers.
In the cyberwar with Ukraine, Russia has deployed an army of trolls on its social media channel Telegram. According to news site Vice.com, Cyber Front Z is operated from Russia and is used to broadcast pro-Kremlin videos, comments and articles on YouTube, Instagram and Twitter. Meanwhile, Ukraine’s Defense Ministry has released what it says is personal information about 620 Russian intelligence officers. The authenticity of this data cannot be confirmed.
In case you don’t know, it’s National Supply Chain Integrity Month. To me, IT managers should worry every day about the integrity of their software and hardware supply chains. But I will take this statement as a moment to remind CIOs and CISOs of the ways customers, partners, and applications can be exploited for cyberattacks. An example: the compromise of the SolarWinds application update process, which led to data theft. The United States Cybersecurity and Infrastructure Security Agency has many resources on how to monitor and defend against supply chain attacks. There is a link to its post here.
Finally, this week I’m covering IdentityNorth’s Spring Workshop on Creating and Securing Digital Identities for Government and Business Use. My stories can be found on ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
Thanks for listening. I am Howard Solomon.