{"id":22117,"date":"2022-04-27T07:59:50","date_gmt":"2022-04-27T11:59:50","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=481354"},"modified":"2022-04-28T14:25:53","modified_gmt":"2022-04-28T18:25:53","slug":"cyber-security-today-april-27-2022-lots-of-software-still-has-log4j2-vulnerabilities-hackers-took-only-days-to-exploit-a-vmware-vulnerability-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-april-27-2022-lots-of-software-still-has-log4j2-vulnerabilities-hackers-took-only-days-to-exploit-a-vmware-vulnerability-and-more\/","title":{"rendered":"Cyber Security Today, April 27, 2022 \u2013 Lots of software still has log4j2 vulnerabilities, hackers took only days to exploit a VMware vulnerability and more"},"content":{"rendered":"<p>Lots of software still has log4j2 vulnerabilities, hackers took only days to exploit a VMware vulnerability and more.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Wednesday, April 27th. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>Four months after<\/strong> the log4j2 open-source logging vulnerability called Log4Shell was revealed, many developers have yet to install security updates in their applications. <a href=\"https:\/\/www.rezilion.com\/blog\/months-later-are-you-still-vulnerable-to-log4shell\/\" rel=\"noopener\">That\u2019s according to researchers at Rezilion<\/a>. (Registration is required to get the report.) Rezilion estimates that only 40 per cent of the almost 18,000 open-source packages that use log4j2 have been patched. Even if your application or server that uses log4j2 isn\u2019t connected to the internet, it is vulnerable. For example, Java applications on an internal server can be hit by logs received from a compromised externally-connected server. Rezilion believes many IT departments don\u2019t know their applications use log4j2, particularly if it\u2019s in their third-party software. 
Rezilion argues IT departments and developers have to get better at scanning their applications for vulnerabilities, especially in third-party code.<\/p>\n<p><strong>Threat actors move fast.<\/strong> <a href=\"https:\/\/blog.morphisec.com\/vmware-identity-manager-attack-backdoor\" rel=\"noopener\">According to researchers at Morphisec<\/a>, the latest example is the attempt to exploit a vulnerability in VMware\u2019s Workspace One Access. It\u2019s an identity management suite. Earlier this month \u2014 a week after VMware released a patch for the hole \u2014 Morphisec detected threat groups trying to exploit the vulnerability. The patch was released April 6th. Five days later a proof-of-concept exploit was seen, and three days after that threat actors were trying to exploit the hole. And what were attackers trying to do? Install backdoors into systems. That could lead to the installation of any type of malware, including ransomware. IT administrators who are slow to patch critical applications are a hacker\u2019s dream.<\/p>\n<p><strong>Last month<\/strong> I reported that a new threat actor has been depositing malware packages in the NPM open source library. Their goal apparently is to infect applications created with open-source material, and use them to hack into organizations. This week researchers at Checkmarx followed up on their original report to say this person or group is still at it. The number of infected packages is over 1,500. So <a href=\"https:\/\/checkmarx.com\/blog\/attacker-adds-evasive-technique-to-their-ongoing-attacks-on-npm\/\" rel=\"noopener\">Checkmarx created a website<\/a> that tracks infected packages added by this hacker. Application developers can use it to check against anything they download from NPM. 
Checkmarx has named that attacker Red-Lili, so the site is <a href=\"https:\/\/red-lili.info\/\" rel=\"noopener\">red-lili.info<\/a>.<\/p>\n<p><strong>Wireless solutions<\/strong> can solve many problems \u2014 and they can create many cybersecurity openings for attackers. <a href=\"https:\/\/www.securityweek.com\/tractor-trailer-brake-controllers-vulnerable-remote-hacker-attacks\" rel=\"noopener\">Here\u2019s an example as reported by SecurityWeek<\/a>: A number of years ago the trucking industry created a short-range wireless way of linking the brakes on heavy trucks so a signal light can alert drivers that the anti-lock braking system had failed. However, an advisory sent out last month by the U.S. Cybersecurity and Infrastructure Security Agency noted vulnerabilities in the brake controller could in theory allow a hacker to launch a cyberattack and impair brake performance. This is because the wireless standard around which products are built doesn\u2019t have a user authorization protocol. All an attacker would need to compromise a system is a transmitter about 12 feet away at a place where trucks have to slow down or stop. There\u2019s a way to solve this for the trucking industry: Make sure developers creating wireless brake warning applications only allow the ABS warning light to be triggered. They shouldn\u2019t allow other commands to the system. There\u2019s also a lesson for developers of any wireless solution: User authorization and authentication have to be built into every application.<\/p>\n<p><strong>Finally,<\/strong> big tech companies this month continued to pressure Congress to pass a national U.S. privacy law. The latest was Google. 
This week Kent Walker, Google\u2019s president of Global Affairs, <a href=\"https:\/\/blog.google\/outreach-initiatives\/public-policy\/the-urgent-necessity-of-enacting-a-national-privacy-law\/\" rel=\"noopener\">made the plea at a conference in Washington.<\/a> Earlier this month Apple and Microsoft did the same at a conference run by the International Association of Privacy Professionals. There have been several attempts at federal legislation, but so far there has been no consensus.<\/p>\n<p>That\u2019s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That\u2019s where you\u2019ll also find other stories of mine.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-april-27-2022-lots-of-software-still-has-log4j2-vulnerabilities-hackers-took-only-days-to-exploit-a-vmware-vulnerability-and-more\/481354\">Cyber Security Today, April 27, 2022 \u2013 Lots of software still has log4j2 vulnerabilities, hackers took only days to exploit a VMware vulnerability and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on Log4Shell vulnerabilities, the speedy work of hackers, a website that catalogs one hacker&#8217;s efforts to compromise the NPM library and a risky wireless brake light solution.<\/p>\n","protected":false},"author":17,"featured_media":20701,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,361,16],"tags":[389],"class_list":["post-22117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-privacy","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=22117"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22117\/revisions"}],"predecessor-version":[{"id":22195,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22117\/revisions\/22195"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20701"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=22117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=22117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=22117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}