Week in review: Malware targeting Linux-based OSes, Log4j exploitation risk

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Log4j exploitation risk is not as high as first thought, cyber MGA says
When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and it could take years to address.

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)
Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple.

A “light” February 2022 Patch Tuesday that should not be ignored
February 2022 Patch Tuesday is here and it’s all-around “light” – light in fixed CVE-numbered vulnerabilities (51), extremely light in critical fixes (50 are “important” and one is “moderate”), and light in exploited vulnerabilities (none of the vulnerabilities are listed as under active attack).

End of 2021 witnessed an explosion of RDP brute-force attacks
RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 brought a further acceleration, with an increase of 274% (from 55 billion in T2 2021 to 206 billion in T3 2021).

Why identity and access management strategies need a booster
In this interview with Help Net Security, Miles Hutchinson, CISO of Jumio, talks about the pain points of identity and access management and the importance of strengthening identity strategies.

Most breaches largely caused by staff working from home
Diligent announces a survey of 450 senior finance and risk professionals in UK-listed businesses. The results show that UK businesses lost £374 million in 2021, largely due to cyberbreaches caused by staff having to work from home.

Contextualizing supply chain risks in a SaaS environment
In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Nonetheless, CISOs continue to experience significant friction with third-party risk management (TPRM).

MFA still offers the best chance of keeping data secure
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using multi-factor authentication (MFA).

The four types of remote workers your security awareness program must address
No matter how much technology you acquire or how many specific technical controls you install, when it comes to your information security awareness program, the most important control to tune within your environment is your people.

Ransomware groups and APT actors laser-focused on financial services
Trellix released a report, examining cybercriminal behavior and activity related to cyber threats in the third quarter (Q3) of 2021.

Google announces threat detection for virtual machines in its cloud
Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It’s called Virtual Machine Threat Detection (VMTD), and will help select Security Command Center customers detect cryptomining malware inside their virtual machines.

Attacks against health plans up nearly 35%
Critical Insight announced the release of a report which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations.

Microsoft: Enterprise MFA adoption still low
While two-factor authentication usage in the consumer space is climbing quickly, enterprises are still straggling when it comes to using multi-factor authentication (MFA) to protect crucial accounts, despite the fact that compromised credentials are the starting point of most cyber-attacks.

Why cybersecurity and anti-fraud teams need to collaborate
For years, many of the world’s largest financial institutions treated financial fraud and cybersecurity as separate departments with differing roles, responsibilities, and threats.

Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses.

Why security strategies need a new perspective
When it comes to designing a cybersecurity strategy, it makes sense to move beyond all the noise about the latest and most sophisticated attacks and the latest and most sophisticated security solutions, and focus attention on the employees instead – but not necessarily on the current staff.

Disaster recovery is critical for business continuity
In this interview with Help Net Security, Joe Noonan, a product executive who oversees the full backup and disaster recovery suite at Kaseya, which includes Unitrends, Spanning and all Kaseya-branded backup solutions, talks about the present and future of BCDR.

Low code applications are essential for cybersecurity development in applications
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. In fact, some industry sources estimate that roughly half of a developer’s time is now spent on security issues.

2021 was the most prolific year on record for data breaches
Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.

Tips to mitigate public-key cryptography risk in a quantum computing world
Quantum computing is poised to transform the industry over the next decade. With its promise of breakthrough speed and power, it’s easy to understand why there is so much hype around this new technology.

How cybercriminals are using malware to target Linux-based operating systems
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection.

Cloud security training is pivotal as demand for cloud services explodes
Even before the pandemic, cloud-based tools were very popular. The pandemic has further accelerated the adoption of these tools and services, as the global workforce converted to remote employees overnight.

The most common cyber gaps threatening supply chain security
Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised credentials as among the most common issues impacting supply chain security, with 44% of companies affected.

Product showcase: Group-IB Atmosphere
This article looks at three real-life attacks attempted via corporate email, all of which were stopped by Group-IB’s cloud email protection system Atmosphere. The attacks serve as an example of how cybercriminals exploit weaknesses in the current approach to email security. In this regard, properly built corporate email security is the first line of cyberdefense.

3 key elements of a strong cybersecurity program
The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.

Product showcase: Oxeye.io – Cloud native application security testing
Delivering secure applications requires tooling built for automation in the modern tech stack. Oxeye provides a cloud-native application security testing solution that is designed to overcome the challenges imposed by the complex nature of modern architectures. Given the distributed cloud-native architecture, traditional testing methodologies simply aren’t enough to address security holistically.

Product showcase: Sniper – automatically detect and exploit critical CVEs in minutes
When a CVE like Log4Shell (CVE-2021-44228) surfaces, Sniper automatically finds systems vulnerable to its targeted intrusion techniques. By automating how you validate widespread CVEs with Sniper, you minimize the window of opportunity for attackers. This helps avoid aggressive exploitation campaigns that always follow high-risk vulnerability disclosures.

New infosec products of the week: February 11, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Cofense, Cybellum, DataStax, Federal Reserve, Gigamon, Qualys, Runecast, and Spin Technology.
