A warning to e-commerce sites, Conti ransomware gang squeezes Costa Rica and more
Welcome to Cyber Security Today. It’s Wednesday, May 18th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
E-commerce companies should be hunting for malicious PHP code on their websites. According to an FBI alert, crooks have been found injecting the code to scrape credit card data from the checkout pages of the websites of U.S. businesses. As the ZDNet news service notes, usually crooks skim websites with JavaScript code. PHP-based attacks aren’t new. But earlier this year the way they are being used changed. Threat actors have been seen creating a basic backdoor using a debugging function. Mitigations include changing the default login credentials on all IT systems and making sure all websites transferring sensitive information use secure socket layer (SSL) protocols.
The Conti ransomware gang has increased pressure on Costa Rica to capitulate to its multi-million dollar financial demands. In a message Monday the gang claimed it is working with people inside the government. It also says it is trying to break into more IT systems and overthrow the government through cyber attacks. The Associated Press news agency quotes experts as saying overthrowing the government isn’t likely the gang’s goal. But it does want to cause more disruption. The Conti gang began compromising government data in Costa Rica in April. The newly-elected government declared a state of emergency last week.
American authorities allege a heart doctor living in Venezuela is behind the use and sale of ransomware to cybercrooks. The man, who is also a citizen of France and Venezuela, faces American charges of conspiracy to commit computer intrusions and attempted computer intrusions if he is arrested and extradited to the U.S. He is allegedly behind the Jigsaw ransomware and the Thanos ransomware builder.
Attention IT administrators: Nvidia has released a software security update for the Nvidia GPU Display Driver for Windows and Linux computers. The update closes 10 driver and two vGPU software vulnerabilities. The patches are needed for a range of Nvidia, GeForce, Studio and Tesla products.
Finally, devices that use Bluetooth Low Energy technology for wirelessly unlocking doors in buildings, homes and cars can be hacked. That’s according to researchers at NCC Group. They say they have developed a tool for conducting a new type of relay attack that can bypass device defences. Their technique works against some models of Kwikset home locks as well as Tesla Model 3 and Model Y cars that use a Bluetooth Low Energy mobile app or key fob. The researchers urge the Bluetooth Special Interest Group to warn manufacturers and buyers about the risks of this kind of relay attack. Companies using these kinds of smart locks might have to think about adding an additional entrance requirement such as a hand or fingerprint reader for doors with Bluetooth Low Energy fob access.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.