Security News

The Federal Bureau of Investigation warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices. The packages have been mailed via the United States Postal Service and United Parcel Service to businesses in the transportation and insurance industries since August 2021 and defense firms starting with November 2021.

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network. The vulnerabilities affect both the cloud services and their end users.

Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device. This necessity also increased cloud providers utilizing Eltima's SDK that allow employees to mount local USB mass storage devices for use on their cloud-based virtual desktops.

Brother is warning that many of their printers may no longer work or display errors when using a USB connection in Windows 11. Brother states that you can ignore the error, and the document should print successfully.

According to a report released by Honeywell, USB threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew. USB devices leading to OT critical business disruption.

Much of the malware discovered last year by industrial organizations on USB drives was capable of causing disruption to industrial control systems, according to a new report from Honeywell. Honeywell's 2021 Industrial Cybersecurity USB Threat Report is based on data collected by the company's Forge Secure Media Exchange product, which is designed to protect industrial facilities from USB-borne threats by requiring users to check USB drives for potential threats using a dedicated device before connecting them to any endpoint within the organization.

Huawei has belatedly fixed an embarrassing vulnerability in a USB connectivity dongle, spotted by Trustwave, after The Register intervened. When infosec firm Trustwave's Spiderlabs division took a closer look at the stick last year, its researchers found a security blunder that affects macOS users: the USB stick acts as a storage drive that includes software to install to manage the dongle.

This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei's USB LTE dongles. Huawei LTE driver autoruns with maximum permissions.

USB ports in any organization's network need to be controlled because connected devices such as USB drives and smartphones can be used to transfer malware to computers or extract data assets. Blocking at the client-side continues until the device is removed from the computer or the device is authorized from the control at server-side.

DataLocker announced the release of an entirely new breed of encrypted USB drive. The DL4 FE changes the game for security professionals by providing bulletproof security and simple remote management in a small-form-factor USB drive with capacities up to 15.3 TB. "The onslaught of attacks by state actors, hackers, and cyber cartels continues. Threat actors are trying to exfiltrate terabytes of data to hold for ransom. Some want access to essential IT systems for later exploitation."