VMware and Apple rush out security updates, a new ScreenConnect malware is found, and more.
Welcome to Cyber Security Today. It’s Wednesday, March 6th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
VMware has pushed out security updates to close four vulnerabilities in major products. They must be installed in ESXi, VMware Workstation, Fusion and Cloud Foundation. An exploit that chains the vulnerabilities would be rated as critical. A malicious actor with local administrative privileges on a virtual machine could use one of the vulnerabilities to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation would be contained within the VMX sandbox. But on Workstation and Fusion, it could lead to code execution on the machine hosting the virtual machine.
It's not uncommon for threat actors to rush out an exploit once an application vulnerability has been revealed. The goal is to compromise a system before it's been patched. The latest example is malware discovered by researchers at Kroll that targets unpatched versions of ScreenConnect, remote desktop software used by IT departments. Kroll dubs this new malware ToddlerShark, because it resembles malware called BabyShark that's been used for a while by a North Korean hacking group. I first reported on the need to patch ScreenConnect two weeks ago. Kroll says the list of threat actors trying to compromise unpatched versions of ScreenConnect for initial access is growing.
Most cyber attacks come from outside threat actors. However, IT leaders still have to pay attention to the risks of accidental data loss and theft by employees and contractors. According to a new report from Code42 Software, the number of insider incidents has increased 28 per cent since 2021. The company's annual Data Exposure Report includes a survey of over 700 IT security pros in the U.S. Eighty-five per cent expect data loss from insider events to increase in the next 12 months. One factoid I pulled from the report: Companies conducting daily cybersecurity reminders said they experience fewer insider-driven data events a month than those who train staff quarterly.
The U.S. Treasury Department has sanctioned a commercial spyware co-operative called Intellexa Consortium for selling spyware used against American government officials, reporters and policy experts. Two people have also been sanctioned in connection with their work for the consortium. It operates as a marketing label for several companies that sell commercial spyware under the brand name Predator to authoritarian governments. Last year President Biden issued an executive order forbidding U.S. agencies from directly or indirectly being involved with commercial spyware. Last month Canada, the United States, France and the U.K. were among a number of countries that promised to create international principles limiting the use of commercial spyware.
Apple has rushed out software updates for iPhones and iPads to cover security vulnerabilities. Usually they will be installed automatically, but it doesn't hurt to check that your device has been patched. Newer devices should be running version 17.4 of the operating system. If your iPhone or iPad says it's running the latest version of the OS but it's not at least 16.7.6, then you have a unit that no longer receives security updates.
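For IT teams checking a fleet rather than a single phone, the version test above is easy to get wrong if versions are compared as strings ("16.7.6" sorts after "16.10.1" lexically). The following is an added example, not code from the podcast or from Apple; it parses dotted version strings numerically and sorts a constructed device inventory against the two baselines named in this episode (17.4 on the current branch, 16.7.6 on the older branch). The device names and versions are made up, and treating those two numbers as the only patched baselines is an assumption drawn from the episode's advice.

```python
# Added example: audit reported iOS/iPadOS versions against the patched
# baselines mentioned in the episode. Inventory below is constructed.

def parse_version(text):
    """Turn '16.7.6' into (16, 7, 6) so comparisons are numeric.
    Plain string comparison is wrong here: '16.7.6' > '16.10.1' as strings."""
    return tuple(int(part) for part in text.strip().split("."))

# Assumption: these are the only branches still receiving fixes (17.4 for
# current devices, 16.7.6 for older ones), as the episode describes.
PATCHED_BASELINES = {17: (17, 4), 16: (16, 7, 6)}

def classify(version_text):
    """Return 'patched', 'needs update' or 'unsupported' for one device.

    A device below the oldest baseline's major version cannot reach 16.7.6 at
    all, so it is flagged unsupported. A 16.x device below 16.7.6 is told to
    update; if it already reports itself as up to date, the episode's point
    applies and it has dropped out of support.
    """
    version = parse_version(version_text)
    major = version[0]
    newest_major = max(PATCHED_BASELINES)
    if major >= newest_major:
        baseline = PATCHED_BASELINES[newest_major]
    elif major in PATCHED_BASELINES:
        baseline = PATCHED_BASELINES[major]
    else:
        return "unsupported"
    return "patched" if version >= baseline else "needs update"

def audit(inventory):
    """Group (device_name, version_string) pairs by patch status."""
    report = {"patched": [], "needs update": [], "unsupported": []}
    for name, version_text in inventory:
        report[classify(version_text)].append(name)
    return report

# Constructed sample inventory, as an MDM export might list it.
INVENTORY = [
    ("ipad-finance-01", "17.4"),
    ("iphone-sales-07", "17.3.1"),
    ("iphone-exec-02", "16.7.6"),
    ("ipad-kiosk-03", "16.7.5"),
    ("iphone-spare-11", "15.8.1"),
]

if __name__ == "__main__":
    for status, devices in audit(INVENTORY).items():
        print(f"{status:13s} {', '.join(devices) or '-'}")
```

Devices in the "needs update" bucket are the ones worth chasing first; anything in "unsupported" needs a replacement plan rather than a patch reminder.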
Finally, X has added the ability for users to make audio and video calls from the Messages part of the mobile app. Unfortunately, according to TechCrunch, your IP address can be seen. Other apps that offer calling capability, like FaceTime, Facebook Messenger, Telegram, Signal and WhatsApp, also expose IP addresses. To hide your IP address in the X app, go to the Message settings and turn on Enhanced Call Privacy. Those who connect to X through a browser don't have this problem because they can't make audio and video calls.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.