Sys & Infrast Lifecycle Mngt 1
Information Technology Audit and Cybersecurity, Temple University
Samba provides print and file-sharing services for Linux and Unix. It was discovered that it is possible to cause a buffer overflow and gain access to higher commands because of misconfigured portions of the application. Combined, this allows the possibility of remote code execution through a buffer overflow. At this time, the application has been updated to prevent this issue from occurring in the future, and users are recommended to update their software.
Kenneth Saltisky
This article describes a vulnerability found in WordPress through an SQL injection that results in a database exposing information. I picked this because it involves WordPress which many people use to create and host websites and it involves security concepts like SQL injections which are interesting to see.
Kenneth Saltisky
Microsoft teams has issued a warning that hackers may have access to individuals accounts while they are in use. Security research team at Avanan determined that hackers inserted a malicious chat executable file called “User Centric” to get into Teams chats which allows them to install malware and trick users into downloading content and take over user’s computers. This also gives hackers information about the user’s operating system, its security settings, and patches that were installed. To prevent this type of attack, Avanan recommends applying protection on files in a sandbox and inspect malicious content, install strong security that protects business communications, and contact IT professionals should you happen to across an unfamiliar file.
Hackers slip into Microsoft Teams chats to distribute malware (bleepingcomputer.com)
Christopher Clayton
Google drive accounts for 50 percent of malicious document downloads
In 2021 about 50 percent of malicious office documents were delivered using google drive. Netskope reported that office 365, google docs and pdf’s make up 37 percent of malware that is downloaded.
Google drive took over in 2021 as the leader in malicious document downloads from Microsoft one drive which lead up to that point with 34 percent.
How cybercriminals are operating? Cybercriminals will sign up for free accounts from these hosting services. They will upload malicious files and will share them with unsuspecting users who open those files.
Legitimate platforms are easy tools for cyber criminals to use to attack unsuspecting people, keep an eye out and don’t click on emails or links from people you don’t know.
Google Drive Now Accounts for 50% of Malicious Document Downloads | Cyware Alerts – Hacker News
Corey Arana
With public Wi-Fi becoming more and more standard in today’s society, providing public Wi-Fi is a premium service for your customers. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, located in public places such as parks, libraries, public transportation, train stations, etc. Public Wi-Fi has become an integral part of modern life.
While public Wi-Fi has to offer many benefits, when users use public Wi-Fi, it means that users may be vulnerable to many cyber threats, such as malware, viruses, hacking, and other forms of intrusion. It also provides opportunities for cybercriminals to commit virtual crimes and harm internet users. However, having a solid DNS filtering service can stop cyber threats like malware, ransomware, phishing, and botnets before they reach network devices. Also, DNS can filter out unwanted content such as pornographic material, violence, and drug-related content.
Link: https://thehackernews.com/2022/01/dont-use-public-wi-fi-without-dns.html
Yangyuan Lin
A Russian-born tech entrepreneur has been extradited from Australia to the United States for conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to commit money laundering. Eugeni Tsvetnenko covertly subscribed hundreds of thousands of cell phone users to a $9.99 per month recurring text message fee that the user did not want to subscribe to victims of the scheme received text messages about horoscopes, celebrity gossip and trivia facts. The scheme’s operators defrauded victims of approximately $41,389,725 and earned approximately $20 million in profits. At the same time, he faces charges related to a multi-million-dollar SMS consumer fraud scheme.
https://www.infosecurity-magazine.com/news/tsvetnenko-extradited-sms-fraud/
Dan Xu
This article talks about hackers who planted fake digital evidence on devices of Indian Activists and Lawyers. The digital evidence is called an “incriminating digital evidence”. “Cybersecurity firm called Sentinel attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests. The hackers were able to get into the system using spear phishing with malicious documents to deliver malware such as NetWire and simple keyloggers. They did create fake accounts or simply resending their malware multiple times using new emails or lure documents.
https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html
A ransomware group by the name of BlackByte attacked the San Francisco 49ers network security before the start of the Super Bowl which encrypted files on their IT corporate network. Law enforcement and cybersecurity firms were notified and investigating this attack. This attack came one day before the FBI released an alert regarding this ransomware group compromising numerous US and foreign businesses. If the 49ers would have made it to the Super Bowl, there would be more of a possibility that the ransomware issue would have grown to an even bigger issue.
San Francisco 49ers attacked by BlackByte ransomware group ahead of Super Bowl | ZDNet
Christopher Clayton
“FBI: Watch Out for LockBit 2.0 Ransomware, Here’s How to Reduce the Risk to Your Network.”
As the FBI warns us about the LockBit 2.0 ransomware, they are also warning us to utilize MFA and strong passwords for all admin and high-value accounts. It is mentioned in the article, Microsoft has found that 78% of organizations using Azure Active Directory does not have MFA enabled. If this is keeping an organization safe, why aren’t they using it?
LockBit2.0 targets Windows PCs and Linux servers via bugs in VMWare’s virtual machine.
LockBit’s operators use any method available to compromise a network, as long as it is successful. For example, the operators are buying access to already compromised network from “access brokers,” exploiting unpatched software bugs, and even paying for insider access, as well as using exploits for previously unknown zero-day flaws. Lockbit 2.0 identifies and collects an infected device’s hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. It then attempts to encrypt the data saved to any local or remote device but skips flies associated with core system functions. Afterwards, it deletes itself from the disk and creates persistence at a startup. The FBI additionally recommends companies segment their networks, investigate any abnormal activity, implement time-based access for accounts set at the admin level and higher, disable command-line and scripting activities and permissions, and maintain offline backups of data.
By: Victoria Zak
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
This article describes a vulnerability in the RUST framework. I picked this because it is an example of the kind of issue a project team needs to be aware of if they are using RUST. These kinds of issues show up for many different frameworks.