This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On May 20, 2019

Monday 5/13

Update Your Drivers Right Now If You Have An NVIDIA GeForce, Quadro or Tesla Graphics Card

Nvidia has uncovered and patched three vulnerabilities in the Windows display drivers for the company’s GeForce, Quadro and Tesla graphics cards. If exploited, the vulnerabilities could lead to denial of service, escalation of privileges or information disclosure on the host machines.

HyTrust Launches Full-Scale Security Platform for VMware, AWS, Containers

HyTrust CloudControl 6.0 expands to include VMware vSphere and NSX, the AWS cloud and Kubernetes. The expanded platform addresses problems organizations currently face in trying to secure and ensure compliance of their hybrid, multi-cloud environments efficiently.

Cybersecurity: This is how Microsoft Defender ATP tackles password-stealing credential dumping attempts

As Microsoft explains, lsass.exe manages large amounts of user credential secrets, making its memory space a key target for "credential dumping" — or stealing credentials from the operating system, which an attacker can use to then move laterally around a targeted network.

Tuesday 5/14

Update WhatsApp now to avoid spyware installation from a single missed call

A vulnerability discovered in Facebook’s WhatsApp messaging app is being exploited to inject commercial spyware onto Android and iOS phones by simply calling the target, reports The Financial Times. The spyware can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp.

Two years after WannaCry, a million computers remain at risk

As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. But that only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher.

Cybercriminals favor targeting top executives, small businesses, money: Verizon data breach report

According to this year’s report, 43% of all breaches occurred at small businesses, with the number one driver behind these breaches being financial gain. Ransomware accounted for 24% of the malware incidents analyzed and is the number two most-used malware type behind Command and Control (C2) malware.

Wednesday 5/15

April 2019’s Most Wanted Malware: Cyber Criminals Up to Old ‘Trickbots’ Again

Trickbot campaigns increased sharply with several American Tax Day-themed spam campaigns timed to coincide with the April 15th deadline for individual income tax returns in the U.S. The spam campaigns spread Excel file attachments that downloaded Trickbot to victims’ computers to spread across networks, collect banking details, and possibly steal tax documents for fraudulent use.

Intel CPUs impacted by new Zombieload side-channel attack

The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow. Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance.

Hackers access data from more than 460,000 accounts at Uniqlo’s online store

The breach gave hackers access to customers’ data including their names, addresses and contact details. The company acknowledged that partial credit card information “may have been browsed,” though “there is no possibility of leakage” in credit card security codes.

Thursday 5/16

Source Code Discovery Sheds Light on the Business of Malware

The recent uncovering of the Carbanak source code on VirusTotal by FireEye has been an eye-opener into the sophisticated factory-line product development techniques used to create and, more importantly, build a commercial-scale and particularly dangerous form of malware.

Cisco releases a critical security patch for a virtualized automation tool

The vulnerability in this case lies in the REST API of ESC and could let an unauthenticated remote attacker bypass authentication on the REST API and execute arbitrary actions with administrative privileges on an affected system. The severity of this weakness was rated a 10 out of 10.

Monday 5/20

Illicit streaming devices are more popular than ever, and hackers are taking note

Online hackers are using illicit streaming devices — known as “Kodi boxes” or “jailbroken Fire TV sticks” — to skirt home network security measures, infect consumers with malware, and steal vital personal information like passwords and financial records.

Security researchers discover Linux version of Winnti malware

The malware discovered was made up of two parts: a rootkit component to hide the malware on infected hosts, and the actual backdoor trojan. Further analysis revealed code similarities between the Linux version and the Winnti 2.0 Windows version.

How to Fight Back Against Macro Malware

By hiding malcode inside macros, cybercriminals can conceal their intentions until a potential victim unwittingly unleashes the payload.