{"id":21630,"date":"2022-04-13T08:19:46","date_gmt":"2022-04-13T12:19:46","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=479919"},"modified":"2022-04-13T13:58:49","modified_gmt":"2022-04-13T17:58:49","slug":"cyber-security-today-wednesday-april-13-2022-updated-malware-attacks-a-ukraine-power-company-the-raidforums-darkweb-site-is-seized-a-new-hafnium-attack-and-more-patches-issued","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-wednesday-april-13-2022-updated-malware-attacks-a-ukraine-power-company-the-raidforums-darkweb-site-is-seized-a-new-hafnium-attack-and-more-patches-issued\/","title":{"rendered":"Cyber Security Today, Wednesday April 13, 2022 \u2013 Updated malware attacks a Ukraine power company, the RaidForums darkweb site is seized, a new Hafnium attack and more patches issued"},"content":{"rendered":"<p>Updated malware attacks a Ukraine power company, the RaidForums darkweb site is seized, a new Hafnium attack and more patches issued.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Wednesday April 13th, 2022. 
I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>The Russian military threat group<\/strong> known as Sandworm has allegedly reached back into the past for its latest cyber attack on Ukraine. <a href=\"https:\/\/www.welivesecurity.com\/2022\/04\/12\/industroyer2-industroyer-reloaded\/\" rel=\"noopener\">According to security researchers at ESET,<\/a> last Friday Sandworm deployed an updated version of a piece of malware that it successfully used in 2016 to temporarily bring down part of Ukraine\u2019s power grid. The latest victim was also a power provider. The original malware, dubbed Industroyer, goes after network-connected industrial controllers. Industroyer2 is slightly different: It goes after devices only running the IEC-104 protocol. Then it releases a new version of the CaddyWiper destructive malware to attack those devices. CaddyWiper was first discovered in March going after a bank in Ukraine. There was also a third piece of malware deployed against the energy company last week, another wiper that destroys servers running the Linux and Solaris operating systems. ESET isn\u2019t sure how the attackers compromised the energy company last week, or how it moved from the IT to the industrial control system network. 
IT admins need to familiarize themselves with this malware in case it\u2019s used in other countries.<\/p>\n<p><strong>On the other side<\/strong> of the cyberwar, the British news agency The Telegraph reports a hacking group claims it has compromised servers at the Russian space agency, <a href=\"https:\/\/www.hackread.com\/anonymous-hits-russian-entities-leaks-400-gb-emails\/\" rel=\"noopener\">while the hacktivist group Anonymous claims<\/a> it hacked three more Russian companies and leaked their emails.<\/p>\n<p><strong>The U.S. and Europol announced<\/strong> <a href=\"https:\/\/www.justice.gov\/opa\/pr\/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator\" rel=\"noopener\">the seizure of the website called RaidForums<\/a>, a criminal marketplace where stolen data was bought and sold. The U.S. also unsealed six criminal charges laid against the site\u2019s founder and chief administrator. He was arrested in January in Romania, where the U.S. has requested his extradition. The investigation was done with the help of Europol as well as police in the U.K., Sweden, Romania, Portugal, Germany and other law enforcement agencies.<\/p>\n<p><strong>The China-based Hafnium threat group<\/strong> has a new attack campaign against telecommunications companies, internet service providers and data services firms. According to Microsoft, it\u2019s been going on since last August. It leverages a hole in the REST API of Zoho\u2019s ManageEngine, an identity and access management authentication suite. As part of the attack, a new evasion malware dubbed Tarrask is used that hides in Windows Task Scheduler. It then executes tasks the attacker wants done. 
<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/04\/12\/tarrask-malware-uses-scheduled-tasks-for-defense-evasion\" rel=\"noopener\">This link to a report<\/a> includes indicators of compromise security teams should look for.<\/p>\n<p><strong>Attention IT administrators<\/strong>: If staff at your firm use the AWS Client VPN for remotely connecting to servers and data on the AWS platform, make sure you\u2019re running the latest version. That\u2019s because a serious vulnerability has been found. <a href=\"https:\/\/rhinosecuritylabs.com\/aws\/cve-2022-25165-aws-vpn-client\/\" rel=\"noopener\">According to researchers at Rhino Security Labs<\/a>, the client can be compromised by an attacker. The new version users should have is 3.0.<\/p>\n<p><strong>Another update warning<\/strong> <a href=\"https:\/\/support.hp.com\/us-en\/document\/ish_6052753-6052783-16\/hpsbhf03750\" rel=\"noopener\">comes from HP and the remote desktop utility it now owns called Teradici PCoIP.<\/a> There are high severity vulnerabilities in the Client and Graphics Agents that need to be patched with the latest updates. These are tools used not only in Windows but also Linux and macOS environments. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-hp-teradici-pcoip-flaws-impact-15-million-endpoints\/\" rel=\"noopener\">According to a news report<\/a> these Teradici products are available not only from HP but also other vendors.<\/p>\n<p><strong>Finally,<\/strong> yesterday was Patch Tuesday, when a number of IT companies release patches or security updates for their products. That includes Microsoft and SAP. SAP administrators should note one of them fixes a serious hole in the HANA Extended Application Services. 
For any vendor, make sure patches are prioritized and applied as soon as possible.<\/p>\n<p>You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-wednesday-april-13-2022-updated-malware-attacks-a-ukraine-power-company-the-raidforums-darkweb-site-is-seized-a-new-hafnium-attack-and-more-patches-issued\/479919\">Cyber Security Today, Wednesday April 13, 2022 \u2013 Updated malware attacks a Ukraine power company, the RaidForums darkweb site is seized, a new Hafnium attack and more patches issued<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the Sandworm group&#8217;s latest attack on a Ukraine power company, the closing of the RaidForums darkweb marketplace, a new Hafnium attack that uses Windows Scheduler to launch attacks, and more patches issued.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-wednesday-april-13-2022-updated-malware-attacks-a-ukraine-power-company-the-raidforums-darkweb-site-is-seized-a-new-hafnium-attack-and-more-patches-issued\/479919\">Cyber Security Today, Wednesday April 13, 2022 \u2013 Updated malware attacks a Ukraine power company, the RaidForums darkweb site is seized, a new Hafnium attack and more patches issued<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World 
Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20709,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388],"class_list":["post-21630","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=21630"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21630\/revisions"}],"predecessor-version":[{"id":21649,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21630\/revisions\/21649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20709"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=21630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=21630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=21630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}