Cyber Security Today, Jan. 19, 2024 – Vulnerabilities found in server firmware, a warning to Docker administrators, and more – IT World Canada

Vulnerabilities found in server firmware, a warning to Docker administrators, and more.
Welcome to Cyber Security Today. It’s Friday, January 19th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

 
Nine vulnerabilities have been found in an open-source reference implementation of a protocol that allows enterprise computers and data centre servers to boot across a network. If exploited, these holes could lead to data theft, denial of service attacks and other ugly things. Researchers at Quarkslab say the problems are in the TCP/IP stack specification maintained by Tianocore, a community of developers from software vendors including Microsoft, ARM, American Megatrends, Phoenix Technologies and others that use the project for their firmware implementations. Carnegie Mellon University’s Computer Emergency Response Team (CERT) says IT leaders should look for and install firmware updates from their equipment manufacturers. They should also consider disabling a capability called PXE boot, sometimes called Pixie boot.
Separately, the Carnegie CERT issued a warning that general-purpose graphic processors from AMD, Apple and Qualcomm have a memory leak vulnerability. The hole, discovered by researchers at Trail of Bits, means an attacker with access to a GPU programmable interface can dump local memory. IT managers should watch for security updates from their hardware makers.
Button up your Docker containers. That’s the advice from researchers at Cado Security. Their honeypot recently attracted a piece of malware hunting for vulnerable Docker services. It installs a cryptominer as well as an application called 9hits that threat actors can use to run their attacks from the compromised container. It isn’t clear how this Docker malware is being spread. But the report makes it clear that exposed Docker hosts are a risk to organizations that use them.
American cybersecurity authorities have issued an advisory to help defenders fight the Androxgh0st malware. A threat group has used this malware to create a botnet to steal login credentials for Amazon Web Services, Microsoft Office 365, SendGrid, Twilio and more. Targets also include websites that use the Laravel web application framework and web servers running certain versions of Apache HTTP Server. The advisory includes indicators of compromise defenders should watch for.
The pressure on IT security leaders in the financial services sector won’t let up this year. That’s according to researchers at Abnormal Security. They note in a report this week that firms in this sector get about 200 advanced phishing attacks per 1,000 mailboxes each week. One of the most common tactics used by threat actors is impersonating a business provider, like a supplier or a software company, and demanding payment for an invoice. Last year that type of attack went up 137 per cent compared to 2022.
Finally, Middle Eastern affairs experts at universities and think tanks should be careful replying to emails. According to Microsoft, they’re being targeted by an Iranian-based threat group it calls Mint Sandstorm. Typically the gang uses custom phishing lures to trick targets into downloading malicious files and gain access to their computers through a backdoor.
Later today the Week in Review podcast will be available. On this show guest commentator David Shipley and I will discuss the recent takeovers of poorly secured accounts on the X platform, and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
© IT World Canada. All Rights Reserved.