Beware of fileless malware, a Wi-Fi warning and more.
Welcome to Cyber Security Today. It’s Friday, May 14. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Attackers always look for ways to evade detection of their malware. They are increasingly turning to what are called fileless methods: the malware is made to execute in a computer’s memory, so there are no files on disk for antivirus systems to spot. The latest example has been discovered by a security company called Anomali. It says a threat group is using a free Microsoft software development application called MSBuild to plant a remote access tool on a victim system. Then it installs malware that steals passwords. It isn’t known yet how systems were initially compromised, but typically it gets done by tricking a person into using a legitimate-looking but hacked application. Information security professionals are warned to educate employees about proper cybersecurity procedures when handling emails with attachments and about not downloading unapproved software.
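The defensive angle on this story is that a legitimate, signed build tool is being used as the execution vehicle, so the thing to watch is the context in which MSBuild runs rather than a file on disk. The following is an added example written for this post, not code from the original article or from Anomali: a small triage routine over constructed process-creation events (parent process, image, command line) that flags MSBuild executions whose project file sits in a user-writable location or whose parent is not a known build host. The sample events, the allow-list of expected parents and the list of "user-writable" path patterns are all assumptions to be tuned for a real environment.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {   # benign: developer build launched from Visual Studio
        "parent": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe",
        "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
        "cmdline": r'"MSBuild.exe" C:\src\app\app.csproj /t:Build /p:Configuration=Release',
    },
    {   # suspicious: project file in a user temp directory, started from the desktop shell
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
        "cmdline": r"MSBuild.exe C:\Users\alice\AppData\Local\Temp\setup.proj",
    },
    {   # benign: CI agent building from its workspace (not msbuild.exe, so ignored)
        "parent": r"C:\agent\bin\Agent.Worker.exe",
        "image": r"C:\Program Files\dotnet\dotnet.exe",
        "cmdline": r"dotnet build C:\agent\_work\1\s\service.sln",
    },
    {   # suspicious: project file under the Public profile, parent not a build host
        "parent": r"C:\Windows\System32\cmd.exe",
        "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
        "cmdline": r'MSBuild.exe "C:\Users\Public\Documents\report.xml"',
    },
]

# Assumed heuristics: tune these for your own fleet.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\downloads\\|\\users\\public\\|\\programdata\\",
    re.IGNORECASE,
)
# MSBuild accepts any extension for a project file, so this list is a convenience, not a guarantee.
PROJECT_EXTS = (".proj", ".csproj", ".vbproj", ".fsproj", ".xml", ".targets", ".sln")
# Placeholder allow-list of processes expected to launch MSBuild in this (hypothetical) environment.
EXPECTED_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "agent.worker.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def project_argument(cmdline: str):
    """Return the first command-line token that looks like a project file, or None."""
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline):
        token = quoted or bare
        if token.lower().endswith(PROJECT_EXTS):
            return token
    return None


def assess(event: dict) -> list:
    """Return the list of reasons an MSBuild execution looks out of place (empty if none)."""
    reasons = []
    if basename(event["image"]) != "msbuild.exe":
        return reasons  # only MSBuild executions are in scope here
    project = project_argument(event["cmdline"])
    if project and USER_WRITABLE.search(project):
        reasons.append(f"project file in user-writable location: {project}")
    parent = basename(event["parent"])
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process: {parent}")
    return reasons


def triage(events: list) -> list:
    """Return (index, reasons) for every event that produced at least one reason."""
    flagged = []
    for index, event in enumerate(events):
        reasons = assess(event)
        if reasons:
            flagged.append((index, reasons))
    return flagged


if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(f"event {index}: " + "; ".join(reasons))
```

Run against the constructed events, this flags the second and fourth entries and leaves the developer and CI builds alone. In practice the parent allow-list is the part that needs the most care: a single noisy CI runner will generate false positives until it is added, while the user-writable path rule tends to hold up across environments because legitimate builds rarely run from a temp or Public directory.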
Wi-Fi has been in use since 1997. That’s also how long several design flaws have been sitting in routers, smartphones and other devices, according to a researcher. He dubbed them ‘FragAttack.’ If an adversary is near a victim using Wi-Fi, they could steal data or attack their device. Fortunately, the flaws are hard to abuse unless there have been programming mistakes in Wi-Fi products. Thanks to the researcher’s tip, in the past few months security updates have been quietly added to products, including Windows. Most mobile devices like smartphones and tablets would be patched through their operating systems. Patches for Linux will be available soon. Those worried should take the usual precautions for Wi-Fi: only turn it on when needed, and don’t use Wi-Fi for sensitive things like connecting to email, your company’s systems or a bank in public places like hotels, convention centres, airports, restaurants and malls.
I mentioned in Monday’s podcast that a phishing scam partly relied on the Zix secure messaging service to fool victims. Zix issued a statement emphasizing the phishing campaign didn’t start from its service. Instead, it started from a compromised company’s email account. Only a small portion of the phishing messages were sent to Zix customers from that account.
Finally, a few podcasts ago I told you about a compromise at a software code testing company called Codecov. The part of its service that allows users to upload their code to the service was altered, allowing the attacker to see details and possibly pull out passwords of customers. This week a security company and Codecov user called Rapid7 acknowledged it had been victimized by this hack. A small part of its source code was copied. In addition, some customers were warned to take steps in case they were affected. Other victim firms publicly identified so far are Twilio and HashiCorp. Codecov users should follow the company’s security instructions.
That’s it for now. Remember, later today the Week in Review edition will be available. Guest Dinah Davis of Arctic Wolf and I will talk about the fallout of the Colonial Pipeline ransomware attack. Listen on your way home, or on the weekend.
Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other cybersecurity stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.