A quick Saturday digest of cybersecurity news articles from other sources.
It’s Cybersecurity Awareness Month
Cybersecurity Awareness Month was created in 2004 as a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. Learn more on CISA’s website and check out their free resources!
Google Fiber plots speedy multi-gig future
Google Fiber hopes to expand its reach to deliver one of the fastest fiber networks to multiple U.S. communities.
VMware Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere
Original release date: September 29, 2022
VMware has released Protecting vSphere From Specialized Malware, addressing malware artifacts known as VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), which are used to exploit and gain persistent access to instances of ESXi.
CISA urges organizations employing VMware ESXi to review the following for more information and to apply recommended mitigations and threat hunting guidance:
- VMware: Protecting vSphere From Specialized Malware
- VMware: Knowledge Base 89619 – Mitigation and Threat Hunting Guidance for Unsigned vSphere Installation Bundles (VIBs) in ESXi (including a script to audit ESXi hosts)
- VMware: vSphere Security Configuration Guides (baseline hardening guidance for VMware vSphere)
Numerous orgs hacked after installing weaponized open source apps
PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording all targeted.
Hackers backed by the North Korean government are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising “numerous” organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday.
Hacking group hides backdoor malware inside Windows logo image
Security researchers have discovered a malicious campaign by the ‘Witchetty’ hacking group, which uses steganography to hide a backdoor malware in a Windows logo.
Witchetty is believed to have close ties to the state-backed Chinese threat actor APT10 (aka ‘Cicada’). The group is also considered part of the TA410 operatives, previously linked to attacks against U.S. energy providers.
Using the Windows logo against you
In this campaign, the hackers refreshed their toolkit to target different vulnerabilities and used steganography to hide their malicious payload from antivirus software.
4 times students compromised school cybersecurity
For many students school can be a tough time, and we’ve all heard stories about bored or frustrated kids compromising school cybersecurity to change grades. Sometimes the students are celebrated, and other times it ends in them being expelled from school, or even prosecuted.
Of course, these acts of compromising school security are against the law. In 1986, the Computer Fraud and Abuse Act (CFAA) was enacted as an amendment to the first federal computer fraud law, to address hacking. The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization.
And the sentences are not mild. Accessing a computer to defraud and obtain value (such as raising your grades) could end in a five-year prison sentence!
FBI and CISA Publish a PSA on Malicious Cyber Activity Against Election Infrastructure
Original release date: October 5, 2022
The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:
- Assesses malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or prevent voting.
- Confirms “the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information.”
The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations for protecting against election-related cyber threats.
Software supply chains at risk: The account takeover threat
This kind of attack is very difficult to detect and might lead to full compromise of systems, leading to cyberespionage or financial crime.
Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors
Original release date: October 6, 2022
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. PRC state-sponsored cyber actors continue to exploit known vulnerabilities to actively target U.S. and allied networks, including software and hardware companies to illegally obtain intellectual property and develop access into sensitive networks.
CISA, the FBI, and the NSA urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommendations listed in the Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors to increase their defensive posture and reduce the threat of compromise from PRC state-sponsored malicious cyber actors.
For more information on PRC state-sponsored malicious cyber activity, see CISA’s China Cyber Threat Overview and Advisories webpage, the FBI’s Industry Alerts, and the NSA’s Cybersecurity Advisories & Guidance.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com