Patches released for Microsoft Exchange, SAP, Apple and Adobe products, and more.
Welcome to Cyber Security Today. It’s Wednesday, February 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Microsoft issued a number of important security updates on Patch Tuesday. One affects all Exchange servers dating back to Exchange 2013. It closes a critical privilege escalation vulnerability, which is actively being exploited. It’s one of nine critical holes in Microsoft products that need patching. Another is in Microsoft Word, SharePoint, 365 Apps and Office for Mac. There are also three critical remote code execution vulnerabilities that can hinder Windows’ capability to establish secure connections with wireless clients.
By the way, Exchange Server 2013 reaches end of support on April 11th. You have until then to upgrade to a new on-premise version or switch to the cloud version of Exchange.
Also yesterday, SAP released 26 new and updated security patches. According to researchers at Onapsis, the most critical is a vulnerability in SAP Host Agent, which allows an authenticated ordinary user with local access to a server port to cause mischief.
Adobe released critical security patches for Illustrator and AfterEffects, as well as an important fix to plug a hole in Photoshop.
And Apple released security updates for iPhones, iPads and MacBooks.
On Monday’s podcast I told you about the compromise of Fortra’s GoAnywhere MFT managed file transfer service. Now there’s word of one victim: Community Health Systems, which runs a number of hospitals in many U.S. states. In a regulatory filing spotted by the news site Databreaches.net the company said personal information on nearly 1 million American patients was copied in hack. Bleeping Computer says the Clop ransomware gang claims it stole data from 130 organizations in the compromise.
Attention website administrators: Hackers continue to take advantage of poorly-secured websites that use the WordPress content manager. The latest evidence comes from researchers at Sucuri, who say over 2,600 new websites have been infected so far this year in a campaign that started last year. The goal is to covertly install code that redirects your website’s viewers to sites that talk about cryptocurrency and blockchains. Apparently this is an advertising fraud scam. The more an ad is seen the more revenue the crooks get. The researchers haven’t found a particular WordPress exploit the hackers are using for this. So their advice to administrators is be vigilant, patch all software, watch your WordPress code for compromises and secure WordPress administration consoles with multifactor authentication.
Attention application developers. Hackers continue finding ways to plant infected packages on the open-source Python Package Index (PyPI). Researchers at Phylum say an attacker last week uploaded over 451 downloadable malware packages. They attempt to hide by mimicking the names of popular packages. The crook hopes unwitting victims will mistake the fake packages for ones they are looking for. The malware finds and replaces cryptocurrency wallet addresses copied to a computer’s clipboard with the attacker’s wallet address. As always developers have to be careful what they download from any open source library of code. Recently Check Point Software found 16 malicious packages on the NPM repository for JavaScript code. They have been removed, but the malware enabled cryptojacking of computers. Operators of code repositories have to take more steps to detect and block bad code.
North Korea’s Lazarus hacking group is believed to have found a new way to launder millions of dollars worth of stolen cryptocurrency. Researchers at Elliptic Enterprises believe Lazarus is now using a mixer service called Sinbad. It replaces an online service called Blender, which disappeared last year after being sanctioned by the U.S. The suspicion is Sinbad is being run by the same operator as Blender. North Korean hackers are also using a mixer called Tornado Cash.
Finally, if you want a laugh as well as education on how online romance scams work, Sophos senior threat researcher Sean Gallagher has published a blog on how a crook posing as a woman tried to seduce him into investing in a phony gold-trading market. This person was not deterred by the fact that Gallagher told them what he does for a living.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.