Security News

Kubernetes showing vulnerabilities against ransomware attacks. New research from Veritas Technologies detailing the inherent security risks associated with Kubernetes has been published, and some of the findings are concerning for those employing the containerized system.

Sift released a report, detailing the increasingly sophisticated - and often automated - tactics cybercriminals leverage to commit payment fraud. Derived from a global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate across fintech ballooned 70% in 2021-making it the highest increase across any vertical in the network.

Bypassing defenses built into the user's browser to fool them into trusting a malicious page tends to be difficult in the absence of an exploitable vulnerability, thanks to browser security mechanisms including Content Security Policy settings and the Same-origin policy security model. The BitB attack extends this technique by creating an entirely fabricated browser window, including trust signals like a locked padlock icon and a known URL. You think you're seeing a real popup window, but it's actually just faked within the page, and ready to capture your credentials.

Kubernetes is being rapidly deployed into mission-critical environments in organizations around the world, the research showed, with 86% of organizations expecting to deploy the technology in the next two to three years, and one-third already relying on it today. The research, which gathered the opinions of 1,100 senior IT decision makers globally, found that 48% of organizations that have deployed Kubernetes have already experienced a ransomware attack on their containerized environments, while a staggering 89% of respondents said that ransomware attacks on Kubernetes environments are an issue for their organizations today.

Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices.

In addition to dealing with threats designed to take advantage of the war in Ukraine, companies and governments face fresh attacks from new and existing vulnerabilities on many fronts. CISA added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog this week to draw attention to vulnerabilities bad actors are actively exploiting.

SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk instances and advised removing them from publicly accessible infrastructure. "A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk 12.7.5. The customer's endpoint detection and response system blocked the attack and alerted the customer to the issue," SolarWinds said.

The U.S. Cybersecurity & Infrastructure Security Agency has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. Since threat actors have been observed targeting these flaws in the attacks, failing to address the security issues means risking a network compromise that can lead to a catastrophic data breach or ransomware attack.

The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants. The most prevalent ransomware groups in Q4 2021, according to a report by Intel 471, were LockBit 2.0, Conti, PYSA, and Hive.

A massive distributed denial-of-service attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident. In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.