
Modem-wiping malware caused Viasat satellite broadband outage in Europe
2022-04-01 07:25

Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia's destructive VPNFilter, according to SentinelOne. In a statement, Viasat said the researchers' hypothesis was "consistent with the facts in our report ... SentinelLabs identifies the destructive executable that was run on the modems using a legitimate management command as Viasat previously described."

Defending the endpoint with AI
2022-04-01 07:00

Remember the good old days, when the only devices a company had to worry about were the PCs on its own network? Today, security teams must yearn for those times as they struggle to protect endpoint devices everywhere. Darktrace is mirroring the approach it takes to security at the core of the network with an endpoint agent that uses machine learning to protect PCs. "The way we operate our businesses has changed so drastically over the last few years," says Justin Fier, the company's Director of Cyber Intelligence & Analytics.

Spring4Shell: New info and fixes (CVE-2022-22965)
2022-04-01 06:20

In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in Spring Core whose existence has finally been confirmed by its developers. Spring4Shell has been catalogued as CVE-2022-22965 and fixed in Spring Framework 5.3.18 and 5.2.20, and Spring Boot 2.5.12 and 2.6.6.

National Security Agency employee indicted for leaking top secret info
2022-04-01 05:33

The United States Department of Justice has revealed it has indicted a National Security Agency employee for sharing top secret national security information with an unnamed person who worked in the private sector. According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information clearance and had lawful access to classified information relating to the national defense."

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
2022-04-01 05:31

Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. CVE-2022-1161: a remotely exploitable flaw that allows a malicious actor to write user-readable "textual" program code to a separate memory location from the executed compiled code.

We need an industry-backed, tech-neutral resource to restore trust in voice communications
2022-04-01 05:10

The FCC Illegal Robocall Response Team and STIR/SHAKEN (the FCC-mandated initiative that provides a framework that voice service providers use to digitally sign each call that originates from their network) are examples of such initiatives. These variables complicate call authentication and highlight the need for a platform that serves as the industry standard source of trusted information.

JavaScript security: The importance of prioritizing the client side
2022-04-01 05:00

In this interview with Help Net Security, Vitaly Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process. What kind of impact do third-party JavaScript libraries and pre-written JavaScript code have on front-end security?

Cloud native application security is a critical priority, risk perception is worryingly low
2022-04-01 04:30

Around a third of respondents stated that between 50 and 75 percent of their apps are cloud native, yet 20 percent have no cloud native security strategy in place. Paul Calatayud, CISO at Aqua Security, said, "As more and more applications are built and run in the cloud, it's no surprise that we're seeing threat actors shift their focus to target cloud native environments. This demands a new approach to security. Many organizations in the UK are beginning to understand that cloud native security is not just a 'nice to have', but there is a clear need for more education in the UK and beyond."

Making security mistakes may come with a high price for employees
2022-04-01 04:00

Tessian reveals that one in four employees lost their job in the last 12 months, after making a mistake that compromised their company's security. 36% of employees have made a mistake at work that compromised security and fewer are reporting their mistakes to IT. When asked why these mistakes happened, half of employees said they had sent emails to the wrong person because they were under pressure to send the email quickly - up from 34% reported by Tessian in its 2020 study - while over two-fifths of respondents cited distraction and fatigue as reasons for falling for phishing attacks.

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto
2022-04-01 03:37

The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been linked to yet another financially motivated campaign that leverages a trojanized decentralized finance wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionality to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host.