Security News
A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents. It's unknown how good of a time the man had, but he did reportedly end up passing out in the street: Japanese news source NHK reported the company that employed him as saying so, elaborating on an incident report from the Amagasaki city government.
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Eventually the worm installs malicious dynamic link library files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity observed by Red Canary occurred during January of this year, researchers said.
Microsoft has released a new Windows 11 build with a long list of changes, improvements, and fixes for known issues. It is available to all Windows Insiders who install Windows 11 Insider Preview Build 22579, which has been pushed to the Dev Channel. The build's highlight is a new policy for Windows admins who want to exclude USB removable drives from BitLocker encryption.
Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services and/or Amazon to target the transportation, insurance, and defense industries for ransomware infection, the FBI warned on Friday. FIN7 got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload. The FBI said that over the past several months, FIN7 has mailed the malicious USB devices to US companies, in hopes that somebody would plug in the drives, infect systems with malware and thus set them up for future ransomware attacks.
Millions of popular end-user routers are at risk of remote code execution due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables connection to USB devices over IP, so that remote devices can interact with USB devices connected to a router as if they were plugged directly into your computer via USB. For example, the module lets users access printers, speakers or webcams as though they were plugged directly into a computer via USB: access that's enabled by a computer driver that communicates with the router through the kernel module.
The most noteworthy information that came out today is a new FBI flash alert warning that REvil and BlackMatter were sending defense firms malicious USB drives that deployed ransomware.
Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel
The Lapsus$ ransomware gang has hacked and is currently extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country's largest TV channel and weekly newspaper, respectively.
The Federal Bureau of Investigation warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group is targeting the US defense industry with packages containing malicious USB devices. The packages have been mailed via the United States Postal Service and United Parcel Service to businesses in the transportation and insurance industries since August 2021 and to defense firms starting in November 2021.
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services, such as Amazon WorkSpaces, NoMachine and Accops, to allow users to connect and share local devices over a network. The vulnerabilities affect both the cloud services and their end users.
Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device. This necessity also increased the number of cloud providers using Eltima's SDK to allow employees to mount local USB mass storage devices for use on their cloud-based virtual desktops.
Brother is warning that many of its printers may no longer work, or may display errors, when using a USB connection in Windows 11. Brother states that you can ignore the error, and the document should print successfully.