{"id":28248,"date":"2022-09-12T08:33:31","date_gmt":"2022-09-12T12:33:31","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=502514"},"modified":"2022-09-12T12:59:12","modified_gmt":"2022-09-12T16:59:12","slug":"cyber-security-today-sept-12-2022-a-vulnerability-found-in-the-backupbuddy-wordpress-plugin-a-new-linux-malware-discovered-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-sept-12-2022-a-vulnerability-found-in-the-backupbuddy-wordpress-plugin-a-new-linux-malware-discovered-and-more\/","title":{"rendered":"Cyber Security Today, Sept. 12, 2022 \u2013 A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more"},"content":{"rendered":"<p data-ar-index=\"0\">A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, September 12th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for <em>ITWorldCanada.com.<\/em><\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24336096\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyber Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a 
href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"4\"><strong>Threat actors<\/strong> continue to use flaws in WordPress plugins to get into services hosted by the content manager. The latest example is a backup utility called BackupBuddy. <a href=\"https:\/\/www.wordfence.com\/blog\/2022\/09\/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin\/\" rel=\"noopener\">According to researchers at Wordfence<\/a>, the vulnerability makes it possible for unauthenticated users to download files stored in WordPress. BackupBuddy users may have had their WordPress sites attacked as early as August 26th. Administrators should be running version 8.7.5 of BackupBuddy. They should also be looking for signs of possible compromise.<\/p>\n<p data-ar-index=\"5\"><strong>Attention<\/strong> Linux administrators: New malware targeting devices of all kinds running Linux has been discovered. <a href=\"https:\/\/cybersecurity.att.com\/blogs\/labs-research\/shikitega-new-stealthy-malware-targeting-linux\" rel=\"noopener\">Researchers at AT&amp;T call<\/a> the malware Shikitega. They call it that because of the similar name of the encoder the package uses. 
Researchers don\u2019t say how devices get initially infected. But a successful attacker can gain full control of the infected system, including depositing a cryptocurrency miner. This malware can attack anything running Linux, including desktops, servers, sensors and industrial control systems. Linux administrators are urged to protect systems against infection by keeping software patched with security updates and installing antivirus or endpoint detection and response software on all endpoints.<\/p>\n<p data-ar-index=\"6\"><strong>More than<\/strong> US$30 million in cryptocurrency stolen by North Korean-based threat actors has been seized by law enforcement agencies. <a href=\"https:\/\/blog.chainalysis.com\/reports\/axie-infinity-ronin-bridge-dprk-hack-seizure\/\" rel=\"noopener\">That\u2019s according to blockchain provider Chainalysis.<\/a> It worked with several companies and unnamed police departments who were able to freeze digital currencies taken from online exchanges, games and businesses that use cryptocurrencies. With the funds frozen the thieves can\u2019t cash out. The investigation started after the theft in March of more than US$600 million in cryptocurrency from the Ronin Network, a cryptocurrency bridge used for a blockchain-based game. Some of that money was laundered through a service called Tornado Cash. Shortly after that theft Tornado Cash was sanctioned by the U.S. Treasury Department for being abused by threat actors trying to cash out cryptocurrency.<\/p>\n<p data-ar-index=\"7\"><strong>Last week<\/strong> the Coinbase cryptocurrency exchange <a href=\"https:\/\/blog.coinbase.com\/sanctions-should-target-bad-actors-not-technology-cb541ac6839a\" rel=\"noopener\">said it is funding<\/a> a legal challenge to the sanctioning of Tornado Cash. 
It argues the government should go after bad individuals, not a technology.<\/p>\n<p data-ar-index=\"8\"><strong>Attention<\/strong> medical IT specialists: If you have Baxter Sigma Spectrum Infusion Pumps in your environment watch for security updates and mitigations from the company. This comes after the discovery <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2022\/09\/08\/baxter-sigma-spectrum-infusion-pumps-multiple-vulnerabilities-fixed\/\" rel=\"noopener\">by researchers at Rapid7<\/a> of vulnerabilities in the devices and the battery units they use that connect to a Wi-Fi network. One mitigation is to restrict physical access to these infusion pumps. Another is to monitor network traffic connected to these pumps for unauthorized activity.<\/p>\n<p data-ar-index=\"9\"><strong>Finally,<\/strong> the U.S. Treasury Department <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy0941\" rel=\"noopener\">has added<\/a> Iran\u2019s intelligence minister and the country\u2019s Ministry of Intelligence and Security to its sanctions list for being behind cyber attacks against the United States and its allies. This comes after threat actors believed to be sponsored by the ministry disrupted Albanian government computer systems. That government was forced to suspend online public services for its citizens. The U.S. says the Iranian intelligence ministry supports a threat group known to security researchers as MuddyWater and a group dubbed APT39. The sanctions mean that all property and interests of the minister and his department that are subject to U.S. 
jurisdiction are blocked.<\/p>\n<p data-ar-index=\"10\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"11\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-sept-12-2022-a-vulnerability-found-in-the-backupbuddy-wordpress-plugin-a-new-linux-malware-discovered-and-more\/502514\">Cyber Security Today, Sept. 12, 2022 \u2013 A vulnerability found in the BackupBuddy WordPress plugin, a new Linux malware discovered, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on another WordPress plugin bug, a new Linux malware discovered, US sanctions against Iran&#8217;s intelligence ministry for cyber attack<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-28248","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=28248"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28248\/revisions"}],"predecessor-version":[{"id":28273,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28248
\/revisions\/28273"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=28248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=28248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=28248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}