The year began with companies attempting to clean up after major exploitation of the critical Log4j vulnerability, a recap of 2021’s ransomware activity, and a new crop of security patches. Make sure you are aware of how this cybersecurity news impacts your business and your clients.
Life After Log4J Vulnerabilities
What the Cybersecurity and Infrastructure Security Agency (CISA) calls the “widespread exploitation of a critical remote code execution (RCE) vulnerability,” Apache Log4j vulnerabilities continue to put systems and data at risk. In a February update, IBM shared a list of its products impacted by CVE-2021-44228. Additionally, NVIDIA shared information that it may impact its Legacy vGPU Software License Server Product. Hewlett Packard Enterprise (HPE)provided information on its products affected by the log4j vulnerability, and a slate of other companies have issued security updates and information.
The vulnerability that allows attackers to take control of a system, steal data, upload malware, and even mine cryptocurrency represents a significant threat.
Action Items:
Advice from IBM includes:
- Check for vulnerable versions of Log4j in your IT environment
- Update with security patches, if available
- Implement network controls to limit exploitation of vulnerabilities
- Monitor for updates from the companies you work with and for security patches
Top Ransomware Findings
A new report from Cyber Security Works in collaboration with Ivanti, The Ransomware Spotlight Report for 2022, states that CVEs related to ransomware increased by 29 percent in 2021. The total vulnerability count is now 288, and the number of APT groups using ransomware has increased from 33 to 40. Additionally, one-third of the new vulnerabilities are actively searched on the internet, indicating you need to address them as soon as possible. The companies also report an increase in the exploitation of zero-day vulnerabilities and supply chain attacks. Also, 21 vulnerabilities aren’t detected by popular scanners.
Action Items:
Download the report for more information on:
- Repeatedly targeted vulnerabilities
- Vulnerabilities of end-of-life products
- Vendors under attack
- An appendix including a list of CVEs
Xenomorph Banking Trojan
Xenomorph, an Android banking trojan with more than 50,000 installations and has been distributed through the Google Play Store, has been targeting European banks. Hacker News reports that the trojan shares overlaps with another tracked as “Alien,” a remote access trojan that has been harvesting sensitive information from compromised devices.
Action Items:
Watch for apps that make requests for:
- Continuous updates
- Accessibility privileges
Some Good News About Hive Ransomware
Researchers in South Korea have found a vulnerability in the mechanism that generates master keys for Hive ransomware. For each file encryption, two keystreams are required. The researchers found the encryption keystream, which is created from an XOR operation, uses data in alternate blocks to create the encrypted file. They report that it’s possible to guess the keystreams and recover the master key, which they were able to do 92-98 percent of the time or 72-98 percent when only an incomplete master key was available.
Action Items:
Cyware concluded that the researchers’ work could lead to victims limiting damage from Hive and recovering files without paying a ransom.
CISA Issues New Guidance
CISA issued numerous alerts in February, including:
- NSA best practices for selecting Cisco password types
- Drupal security updates
- Mozilla’s security update for Thunderbird
- VMware security updates
- Google’s security updates for Chrome
- Adobe security updates for Commerce and Magento Open Source
Action Items:
Read each alert for specific information to decrease the threats to your business.
UpdraftPlus Bug Puts Website Backups at Risk
UpdraftPlus, a WordPress plug-in, was patched in February to correct a vulnerability that could expose personal and authentication information. CVE 2022-0633 was rated 8.5, high, allowed attackers to download backups, an action which should be limited only to the administrator.
Action Items:
Ensure you are using the updated version of UpdraftPlus.
For more security updates and insights, visit DevPro Journal’s Security resources page.
