IT provider is recovering from cyber attack, more action from Karakurt and Chinese attackers and new Linux malware.
Welcome to Cyber Security Today. It’s Friday, July 8, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
American-based cybersecurity solutions provider SHI International, with offices around the world including Canada, France, the UK and Hong Kong, is recovering from a cyber attack last weekend. The company said it was the target of what it called “a professional and coordinated malware attack”. In a blog, it said that the incident was identified quickly and that measures were taken to minimize the impact. That included taking websites and email offline. Email service has been restored, but as of Thursday afternoon, when this podcast was recorded, the homepages of SHI.com and Canada’s SHI.ca only displayed a message about the problem. The company’s normal websites have been moved to a domain name starting with blog.shi.com.
The Karakurt blackmail and data theft group has returned. That’s according to researchers at Cyberint, who note that late last month, the gang launched a new data leak website listing alleged victims. That new website listed 34 organizations. The site offers victims the ability to redeem copied data. There are three types of victims listed: those who do not want to pay a ransom for stolen data and are at risk of having it released publicly, those whose data is in the process of being released, and those whose data has reached full publication. The strategy is to increase pressure on organizations to pay before they are embarrassed by the release of stolen data. In May, researchers at AdvIntel reported that Karakurt collaborated with some of the guys behind the Conti ransomware group.
Here’s something interesting: A Chinese state-supported threat actor is allegedly targeting Russian organizations. That’s the claim of researchers at SentinelLabs. The attacks use phishing emails to send infected Office documents that install a remote access trojan. Ironically, one document purports to be an alert from Russia’s cyber hub about monitoring for password-stealing attempts on employees. “It remains clear that the Chinese intelligence apparatus is targeting a wide range of organizations with ties to Russia,” the researchers said.
A new threat to Linux systems has been found. It is named OrBit, and according to a researcher at Intezer, once the malware is installed, it infects all the processes running on the computer or server. The report doesn’t say how the malware was delivered, whether through email, an app’s weakness or another method. But it says the malware persists on the machine by hooking into key functions, providing attackers with remote access over SSH, stealing credentials and logging TTY commands.
App developers using the OpenSSL library to implement the SSL and TLS security protocols should install the latest version. That’s because the project has released patches to close a high severity bug. You should use version 3.0.5.
Finally, network administrators using Apache HTTP Server version 2.4.5 need to update to the latest version. That’s version 2.4.54 and up. It closes a memory allocation vulnerability that can cause denial of service, according to a report on The New Stack.
Later today, the Week in Review edition will be released. Guest Terry Cutler of Cyology Labs will be here to discuss how to start a career in cybersecurity.
Remember, links to detailed information on the podcast stories are in the text version at ITWorldCanada.com.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.