IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Lilu ransomware encrypts files on Linux systems

    Linux™ operating systems are sometimes overlooked as targets for malware because their pool of victims is smaller than that of more popular operating systems. With fewer targets available, attackers are incentivized to direct their efforts towards a richer hunting ground. Despite that, the Lilu (or Lilocked) ransomware solely targets Linux-based web servers. It has infected over 6000 servers so far and looks set to continue for the foreseeable future.

Does Anyone Else Know Where Your Children Are

    Keeping track of your child’s whereabouts has never been easier. A quick search on Amazon shows thousands of entries for low-cost GPS trackers designed to be worn by children and linked to an app on the parent’s smartphone. However, the appeal of the low cost comes at a much larger price. Researchers from Avast found a handful of vulnerabilities in 29 models of GPS trackers made by Chinese company Shenzhen i365.

Intentional Backdoor Webmin RCE Vulnerability

    When Turkish researcher Özkan Mustafa Akkuş publicly disclosed a Remote Code Execution (RCE) vulnerability in the Webmin application at DefCon this month, the Webmin developers went into emergency overdrive mode to fix this issue ASAP. While the ethics of Akkuş’ disclosure without notifying the Webmin team first are certainly questionable, the vulnerability itself is severe and had been hidden for over a year.

The Syrk ransomware

    The Syrk ransomware, first reported by researchers at Cyren Security, disguises itself as a cheating tool for Fortnite, the multiplayer Hunger Games-style video game. It claims to provide aim assistance and to reveal player locations. It provides neither of these capabilities and instead installs an open-source ransomware, Hidden-Cry, with a .syrk extension.
   

SQLite Heavy Vulnerabilities

Researchers at Check Point unveiled a method that could allow malicious actors to exploit programs that query SQLite databases. The findings were presented at the DEFCON cybersecurity conference last weekend by Omer Gull, a vulnerability researcher at Check Point. The researchers found that by overwriting a non-malicious SQLite database with a specially crafted malicious one, they can achieve remote code execution. SQLite is a C-language library that implements a fully self-contained SQL database engine.

VxWorks operating system Critical Vulnerabilities Found in Millions of Devices

    The Armis research team recently revealed 11 vulnerabilities, ranging from denial of service to remote code execution, affecting the VxWorks operating system. VxWorks is a real-time operating system used in millions of embedded devices, from consumer electronics to medical devices. The vulnerabilities discovered bypass most forms of security and can even be used against devices designed to secure the infrastructure, if those devices run VxWorks.

IRS Warns of New Email Scam

The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted recipient’s tax refund, return, or account. The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website.

Rubys in the Rough

    Ruby is a high-level, general-purpose programming language that was developed with a focus on being object-oriented at a time when the options for that were few and its creator found them lacking. The language uses a package manager called RubyGems as a standardized platform for managing programs and libraries.
