Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Peter Eckersley, co-creator of Let’s Encrypt, dies at just 43

This site, like millions of others, has a certificate from Let’s Encrypt. Farewell, Peter Eckersley, PhD, who helped make it all possible.


Traffers threat: The invisible thieves

Traffers are cybercriminals organized in teams whose purpose is to steal a maximum of bankable information from infected computers, which they sell to other cybercriminals.

Cybercrime comes in many different flavors, most of it being financially-oriented. Phishers, scammers and malware operators are the most visible ones, yet there are some other profiles in the cybercrime economy who play an important role and are yet very discreet: Traffers.

A new report from Sekoia sheds light on traffers' activities.

What is a traffer?

Traffers — from the Russian word “Траффер,” also referred to as “worker” — are cybercriminals responsible for redirecting Internet users' network traffic to malicious content that they operate, this content being malware most of the time.

Traffers are generally organized as teams and compromise websites in order to hook the traffic and bring the visitors to malicious content. They might also build websites serving the same purpose. As exposed by Sekoia researchers who have monitored Russian-speaking cybercrime forums, the traffer ecosystem is built of both highly skilled profiles and new ones, making it a good entry point for beginners in cybercrime.


#StopRansomware: Vice Society

Original release date: September 6, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Vice Society, to disseminate tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Vice Society actors identified through FBI investigations as recently as September 2022. Vice Society uses ransomware attacks against the education sector to gain access to, and threaten exposure of, sensitive personal information regarding students and staff for financial gain.

CISA encourages organizations to review #StopRansomware: Vice Society for more information. Additionally, see StopRansomware.gov for guidance on ransomware protection, detection, and response.


Breaking down how USB4 goes where no USB standard has gone before

USB4 vs. Thunderbolt 4—and everything else to know about the newest USB standard.

USB has come a long way since the 12Mbps days of the ’90s. It has waved goodbye to USB-B and is inching away from USB-A in favor of the slim, reversible USB-C connector. Data transfer rates have increased so dramatically that we can run powerful setups with high-resolution monitors, speedy external storage, and numerous other devices from the USB Implementers Forum’s latest open standard, USB4.


DEADBOLT ransomware rears its head again, attacks QNAP devices

NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too…


5 Million Attacks Targeting 0-Day in Backup Buddy WordPress Plug-in

Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BuddyPress, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information.

After reviewing historical data, we determined that attackers started targeting this vulnerability on August 26, 2022, and that we have blocked 4,948,926 attacks targeting this vulnerability since that time.

The vulnerability affects versions 8.5.8.0 to 8.7.4.1, and has been fully patched as of September 6, 2022 in version 8.7.5. Due to the fact that this is an actively exploited vulnerability, we strongly encourage you to ensure your site has been updated to the latest patched version 8.7.5 which iThemes has made available to all site owners running a vulnerable version regardless of licensing status.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
