{"id":25063,"date":"2022-07-08T07:49:45","date_gmt":"2022-07-08T11:49:45","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=491898"},"modified":"2022-07-18T11:04:41","modified_gmt":"2022-07-18T15:04:41","slug":"cyber-security-today-july-8-2022-it-provider-recovering-from-a-cyber-attack-more-action-from-karakurt-and-chinese-attackers-and-new-linux-malware","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-july-8-2022-it-provider-recovering-from-a-cyber-attack-more-action-from-karakurt-and-chinese-attackers-and-new-linux-malware\/","title":{"rendered":"Cyber Security Today, July 8, 2022 \u2013 IT Provider Recovering From A Cyber Attack, More Action From Karakurt And Chinese Attackers And New Linux Malware"},"content":{"rendered":"<p data-ar-index=\"0\">IT provider recovering from a cyber attack, more action from Karakurt and Chinese attackers and new Linux malware.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Friday, July 8th, 2022. 
I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23677025\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\">\n<p data-ar-index=\"4\"><strong>American-based<\/strong> cybersecurity solution provider SHI International, which has offices around the world, including Canada, France, the U.K. 
and Hong Kong, is recovering after a cyber attack last weekend. The company said it was the target of what it called \u201ca co-ordinated and professional malware attack.\u201d In a blog it says the incident was swiftly identified and measures were taken to minimize the impact. That included taking websites and email offline. Email service has been restored, but as of Thursday afternoon, when this podcast was recorded, the home page of SHI.com and the Canadian SHI.ca only showed the incident statement. The company\u2019s normal web pages had been shifted to a domain starting blog.shi.com.<\/p>\n<p data-ar-index=\"5\"><strong>The Karakurt data theft and extortion group<\/strong> is back. That\u2019s according to researchers at Cyberint, who note that at the end of last month the gang launched a new data leak site listing alleged victims. That new site listed 34 organizations. The site offers victims the ability to buy back copied data. There are three categories of victims listed: Those who are unwilling to pay a ransom for stolen data and risk it being publicly released, those whose data is in the process of being published and those whose data is fully published. The strategy is to increase the pressure on organizations to pay before they\u2019re embarrassed by the release of the stolen data. In May <a href=\"https:\/\/www.itworldcanada.com\/article\/conti-ransomware-brand-is-dead-but-gang-restructures-report\/485319\" rel=\"noopener\">researchers at AdvIntel said Karakurt partners<\/a> with some of those behind the Conti ransomware group.<\/p>\n<p data-ar-index=\"6\"><strong>Here\u2019s something interesting<\/strong>: A Chinese state-supported threat actor is allegedly targeting Russian organizations. 
That\u2019s the claim <a href=\"https:\/\/www.sentinelone.com\/labs\/targets-of-interest-russian-organizations-increasingly-under-attack-by-chinese-apts\/\" rel=\"noopener\">made by researchers at SentinelLabs.<\/a> The attacks use phishing emails to deliver infected Office documents that install a remote access trojan. Ironically, one document purports to be a warning from Russia\u2019s cyber centre to watch for attempts to steal employee passwords. \u201cIt remains clear that the Chinese intelligence apparatus is targeting a wide range of Russian-linked organizations,\u201d say the researchers.<\/p>\n<p data-ar-index=\"7\"><strong>A new threat to Linux systems<\/strong> has been found. <a href=\"https:\/\/www.intezer.com\/blog\/incident-response\/orbit-new-undetected-linux-threat\/\" rel=\"noopener\">It\u2019s being dubbed OrBit<\/a>, and according to a researcher at Intezer once the malware is installed it will infect all of the running processes on a computer or server. The report doesn\u2019t say how the malware is distributed \u2014 through email or an application weakness or another method. But it does say the malware gains persistence on the machine by hooking into key functions, giving the attacker remote access capabilities over SSH, stealing credentials, and logging TTY commands.<\/p>\n<p data-ar-index=\"8\"><strong>Application developers <\/strong>using the OpenSSL library for implementing the SSL and TLS security protocols should install the latest version of the platform. That\u2019s because <a href=\"https:\/\/thehackernews.com\/2022\/07\/openssl-releases-patch-for-high.html\" rel=\"noopener\">the project has released patches<\/a> to close a high-severity bug. You should be using version 3.0.5.<\/p>\n<p data-ar-index=\"9\"><strong>Finally,<\/strong> network administrators using Apache HTTP Server version 2.4.5 are urged to update to the latest version. That\u2019s version 2.4.54 or above. 
<a href=\"https:\/\/thenewstack.io\/theres-a-nasty-security-hole-in-the-apache-webserver\/\" rel=\"noopener\">It closes a memory allocation vulnerability<\/a> that could cause a denial of service, according to a report in The New Stack.<\/p>\n<p data-ar-index=\"10\">Later today the Week in Review edition will be out. Guest Terry Cutler of <a href=\"https:\/\/www.cyologylabs.com\/?r_done=1\" rel=\"noopener\">Cyology Labs<\/a> will be here to discuss how to start a career in cybersecurity.<\/p>\n<p data-ar-index=\"11\">Remember links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p data-ar-index=\"12\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"13\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-july-8-2022-it-provider-recovering-from-a-cyber-attack-more-action-from-karakurt-and-chinese-attackers-and-new-linux-malware\/491898\">Cyber Security Today, July 8, 2022 \u2013 IT provider recovering from a cyber attack, more action from Karakurt and Chinese attackers and new Linux malware<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on a cyber attack on SHI International, the return of the Karakurt theft and extortion group, new Linux malware and important Apache and 
OpenS<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-25063","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/25063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=25063"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/25063\/revisions"}],"predecessor-version":[{"id":25595,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/25063\/revisions\/25595"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=25063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=25063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=25063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}