Cyber Security Today, July 8, 2022 – IT provider recovering from a cyber attack, more action from Karakurt and Chinese attackers and new Linux malware



IT provider recovering from a cyberattack, more action from Karakurt and Chinese attackers and new Linux malware.

Welcome to Cyber Security Today. It’s Friday, July 8, 2022. I’m Howard Solomon, a contributing journalist on cybersecurity at ITWorldCanada.com.

U.S.-based cybersecurity solutions provider SHI International, which has offices around the world, including Canada, France, the United Kingdom and Hong Kong, is recovering from a cyberattack last weekend. The company said it was the target of what it called “a coordinated and professional malware attack.” In a blog post it says the incident was quickly identified and steps were taken to minimize the impact. This included taking websites and email offline. The email service has been restored, but as of Thursday afternoon, when this podcast was recorded, the SHI.com home page and the Canadian SHI.ca only showed the incident statement. The company’s normal web pages had been moved to a domain that started with blog.shi.com.

The Karakurt data theft and extortion group has returned. This is according to Cyberint investigators, who point out that late last month the gang launched a new data leak site listing its alleged victims. This new site listed 34 organizations. The site offers victims the ability to recover copied data. There are three categories of victims listed: those who are unwilling to pay a ransom for stolen data and risk having it published, those whose data is in the process of being published, and those whose data has been fully published. The strategy is to increase pressure on organizations to pay before they are embarrassed by the release of stolen data. In May, AdvIntel researchers said Karakurt is partnering with some of those behind the Conti ransomware group.

Here is something interesting: A Chinese state-backed threat actor is allegedly targeting Russian organizations. That's according to SentinelLabs researchers. The attacks use phishing emails to deliver infected Office documents that install a remote access Trojan. Ironically, one document purports to be a warning from Russia’s cyber center to watch for attempts to steal employees’ passwords. “It is clear that the Chinese intelligence apparatus is aimed at a wide range of organizations linked to Russia,” the researchers say.

A new threat to Linux systems has been found. It has been christened OrBit and, according to an Intezer researcher, once the malware is installed it will infect all running processes on a computer or server. The report does not say how the malicious software is distributed, whether via email, a vulnerable application or some other method. But it does say that the malicious software gains persistence on the machine by hooking key functions, giving the attacker remote access capabilities via SSH, stealing credentials, and logging TTY commands.

Application developers using the OpenSSL library to implement the SSL and TLS security protocols should install the latest version of the library. This is because the project has released patches to close a high-severity bug. You should use version 3.0.5.

Finally, network administrators using Apache HTTP Server version 2.4.5 are asked to upgrade to the latest version. This is version 2.4.54 or higher. It closes a memory allocation vulnerability that could lead to a denial of service, according to a report in The New Stack.

The Week in Review edition will be released later today. Guest Terry Cutler of Cyology Labs will be here to talk about how to start a career in cybersecurity.

Remember that links to details about podcast stories can be found in the text version at ITWorldCanada.com.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smartphone.




