PrintNightmare bugs exploited, AlphaBay criminal marketplace returns, a threat to network inspection devices and check your router.
Welcome to Cyber Security Today. It’s Monday, August 16th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ransomware gangs are starting to take advantage of recently discovered printer-related vulnerabilities in Windows Server. Collectively, the three vulnerabilities are known as PrintNightmare. CrowdStrike says that one gang using a ransomware strain called Magniber was caught trying to exploit these vulnerabilities last month against organizations in South Korea. Microsoft has issued security updates for two of them, which by now Windows administrators should have installed. There’s no patch yet for the third bug, but Microsoft has issued a security advisory with a workaround. The problem is that an attacker can use these vulnerabilities to get into a computer system.
Here’s some bad news: The AlphaBay darkweb marketplace, used by cybercrooks for buying and selling cyber exploits, stolen data and drugs, has been revived. It was taken down by law enforcement agencies in 2017 after police in Thailand arrested a Canadian. However, a co-founder wasn’t caught. Now this person, who dubs themselves DeSnake, says AlphaBay is back and ready for business – with some qualifications: No selling of guns, erotica, fentanyl, fake or real COVID-19 vaccines, ransomware or ransomware discussions. Nor can any activity – like selling stolen data – relate to Russia or nearby Russian allied countries. The Bleeping Computer news site wonders if this is legit, or a trap set by law enforcement.
IT managers think their corporate firewalls, deep packet inspection devices, load balancers and other network traffic inspection devices protect the organization from cyber attacks. But researchers at two American universities have found a way these can be used to launch huge distributed denial of service attacks. According to their paper, it could be done by abusing the TCP protocol in a number of devices. What’s worse is that some of these devices can greatly amplify a denial of service attack. The researchers have quietly notified a number of countries and equipment manufacturers about the possibility of this kind of attack. Possible fixes include distributing firmware updates, but IT departments may also have to make configuration changes to their devices. However, the news site The Record notes that changing configurations requires extensive tests, which some network administrators may not want or be able to do. It’s a problem network admins have to keep an eye on.
I’ve often quoted cybersecurity experts reminding people that their routers have firmware that may need to be updated, just like the software in their computers. Here’s another reason why: A researcher at a company called Tenable has discovered vulnerabilities in a large number of routers made for a number of manufacturers. These include routers made for Asus and Buffalo, as well as units sold or rented to customers by internet providers like Telus in Canada and Verizon in the U.S. Briefly, the vulnerabilities could allow an attacker to bypass the router’s authentication and get into your computer.
Since word of these vulnerabilities was first published earlier this month, there have been news reports that hackers are trying to take advantage of the bugs. The good news is Tenable notified router manufacturers several months ago, so patches may be available. And some internet providers may have automatically updated the firmware on their routers, so their customers are already protected. To see if your router is affected, check this list. If you bought a modem or router in a store, it’s good practice to check a couple of times a year with the manufacturer’s website to see if there’s a firmware update for your device. And if the device is no longer supported, you ought to buy a new one.
By the way, most modern routers have a web-based management console. Usually manufacturers make sure access is restricted to the internal network only by default. However, there is an option for remote access, and that is how a hacker can compromise your router. So, go into the web console and make sure the remote access option is turned off.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.