{"id":30190,"date":"2022-10-24T07:42:01","date_gmt":"2022-10-24T11:42:01","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=509655"},"modified":"2022-10-25T09:57:42","modified_gmt":"2022-10-25T13:57:42","slug":"cyber-security-today-oct-24-2022-a-new-ransomware-data-removal-tool-is-found-a-warning-that-exploit-proofs-of-concepts-in-github-may-not-be-safe-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-oct-24-2022-a-new-ransomware-data-removal-tool-is-found-a-warning-that-exploit-proofs-of-concepts-in-github-may-not-be-safe-and-more\/","title":{"rendered":"Cyber Security Today, Oct. 24, 2022 \u2013 A new ransomware data removal tool is found, a warning that exploit proofs-of-concepts in Github may not be safe, and more"},"content":{"rendered":"<p data-ar-index=\"0\">A new ransomware data removal tool is found, a warning that exploit proofs-of-concept in Github may not be safe, and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, October 24th, 2022. 
I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"3\"><strong>Many ransomware gangs<\/strong> use affiliates to initially break into the networks of targets. 
Those affiliates are just as crafty as the ransomware developers and often create custom tools to help their work. The latest example <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/blackbyte-exbyte-ransomware\" rel=\"noopener\">is the discovery by researchers at Symantec<\/a> of a new data exfiltration tool they call Exbyte. It\u2019s usually deployed prior to the installation of the BlackByte strain of ransomware. Thanks to the work of these researchers there are indicators of compromise that security and IT teams can look for. There\u2019s a link to their report in the text version of this podcast.<\/p>\n<p data-ar-index=\"4\"><strong>Threat actors are still trying<\/strong> to exploit an unpatched hole in VMware\u2019s Workspace One Access and Identity Manager. This alert <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/multiple-malware-campaigns-target-vmware-vulnerability\" rel=\"noopener\">comes from researchers at Fortinet<\/a>, who have released an analysis of some of the attempts. VMware administrators have no excuse for not patching this application by now: The security update was released in April.<\/p>\n<p data-ar-index=\"5\"><strong>Attention IT administrators<\/strong> using Microsoft Azure for running applications: You need to install a patch issued by Microsoft earlier this month to close a vulnerability in the Service Fabric Explorer. SFX inspects and manages cloud applications and nodes in a Service Fabric cluster. The hole allows an attacker to gain full administrative privileges on the cluster. The hole was <a href=\"https:\/\/orca.security\/resources\/blog\/fabrixss-vulnerability-azure-fabric-explorer\/\" rel=\"noopener\">discovered by researchers at Orca Security<\/a>. They note the hole affects version 1 of SFX. 
Administrators should make sure they\u2019re running version 2.<\/p>\n<p data-ar-index=\"6\"><strong>Application developers<\/strong> have been warned for months about the risk of malicious packages in the open-source GitHub repository. Now there\u2019s a warning of hidden vulnerabilities in proof-of-concept exploits also uploaded to GitHub. The work was done by researchers at the Leiden Institute of Advanced Computer Science and <a href=\"https:\/\/one-conference.nl\/sessie\/13-40\/a-study-of-fake-and-malicious-cve-proof-of-concepts-in-github\/\" rel=\"noopener\">presented last week at a conference in the Netherlands<\/a>. Proofs-of-concept are supposed to help developers learn how hackers exploit holes in code. But the research suggests some threat actors are using GitHub as a place to plant vulnerabilities in the computers of developers by listing them within a proof-of-concept exploit. GitHub, like other open code repositories, doesn\u2019t provide an assurance that any code \u2014 be it an application library or a proof of concept \u2014 is trustworthy. One of the researchers, who also works for Darktrace, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware\/\" rel=\"noopener\">told the Bleeping Computer news site<\/a> that developers should carefully scrutinize the proofs-of-concept they download from any source. One hint: Be suspicious if the code is too obfuscated and needs too much time to analyze manually. Another hint: Use open-source intelligence tools like VirusTotal to analyze any open-source binaries.<\/p>\n<p data-ar-index=\"7\"><strong>IT and security leaders<\/strong> need to know what\u2019s in applications to be able to judge their level of risk. 
Last week Google announced a way to help. <a href=\"https:\/\/security.googleblog.com\/2022\/10\/announcing-guac-great-pairing-with-slsa.html\" rel=\"noopener\">It has created a project<\/a> called the Graph for Understanding Composition, or GUAC for short. The goal is to help developers create metadata about their applications that describe the software build, security and dependencies. There already are several efforts, such as the ability to create signed attestations about how software was built (known as SLSA), and software bill of materials generators. However, Google argues that it\u2019s hard to combine and synthesize the information in a comprehensive view. GUAC would bring together different sources of software security metadata into a graph database. This is an open-source project on GitHub, and Google is looking for contributors.<\/p>\n<p data-ar-index=\"8\"><strong>Here\u2019s how<\/strong> this could help you. It only took a few days for hackers to start trying to exploit the vulnerability in the open-source Apache Commons Text library, which is used by some developers in their applications. I told you about this hole \u2014 now given the nickname Text4Shell \u2014 last Wednesday. A few days later <a href=\"https:\/\/www.wordfence.com\/blog\/2022\/10\/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts\/\" rel=\"noopener\">researchers at WordFence said<\/a> they started seeing threat actors looking for vulnerable applications. This vulnerability isn\u2019t as bad as Log4Shell, but Text4Shell needs to be addressed.<\/p>\n<p data-ar-index=\"9\"><strong>Finally,<\/strong> international acceptance of a cybersecurity rating system for smart consumer products is progressing. <a href=\"https:\/\/www.zdnet.com\/article\/singapore-germany-to-mutually-recognise-iot-cybersecurity-labels\/\" rel=\"noopener\">Last week Singapore and Germany agreed to recognize<\/a> their respective cybersecurity rating systems. 
Finland has a similar agreement with Singapore, where the idea started. And last week at a conference at the White House <a href=\"https:\/\/www.cyberscoop.com\/white-house-iot-labeling-program\/\" rel=\"noopener\">the Biden administration encouraged<\/a> the U.S. technology industry to come up with similar but voluntary labeling standards by next year. The U.S. idea would have a bar code consumers could scan on items like internet routers, internet-connected speakers, household robots and home automation hubs that might rate devices\u2019 security on whether they can get security updates, whether only limited personal data is collected, whether that data is encrypted and other things.<\/p>\n<p data-ar-index=\"10\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"11\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-oct-24-2022-a-new-ransomware-data-removal-tool-is-found-a-warning-that-exploit-proofs-of-concepts-in-github-may-not-be-safe-and-more\/509655\">Cyber Security Today, Oct. 
24, 2022 \u2013 A new ransomware data removal tool is found, a warning that exploit proofs-of-concepts in Github may not be safe, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on a new ransomware data exfiltration, a Microsoft Azure vulnerability, a start by Google to bring order to software bills of material effort<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,40,62],"class_list":["post-30190","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-google","tag-microsoft"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=30190"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30190\/revisions"}],"predecessor-version":[{"id":30217,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/30190\/revisions\/30217"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=30190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=30190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=30
190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}