Cyber Security Today, Wednesday April 13, 2022 – Updated malware attacks a Ukraine power company, the RaidForums darkweb site is seized, a new Hafnium attack and more patches issued

Updated malware attacks Ukrainian power company, RaidForums darkweb site was seized, a new Hafnium attack and released several patches.

Welcome to Cyber ​​Security today. It’s Wednesday, April 13, 2022. I’m Howard Solomon, a cyber security reporter for ITWorldCanada.com.

Russian war threat group known as Sandworm has reportedly reached into the past because of its latest cyber attack on Ukraine. According to security researchers at ESET, last Friday Sandworm posted an updated version of a piece of malware that it successfully used in 2016 to temporarily crash part of Ukraine’s electricity grid. The latest victim was also an electricity supplier. The original malware, called Industroyer, tracks network-connected industrial controllers. Industroyer2 is a little different: it goes for devices that only use the IEC-104 protocol. It then releases a new version of the destructive CaddyWiper malware to attack those devices. CaddyWiper was first discovered in March after an attack on a bank in Ukraine. There was also a third piece of malware deployed against the energy company last week, another wiper that destroys servers running Linux and Solaris. ESET is not sure how the attackers compromised the energy company last week, or how it switched from IT to the industrial control system network. IT administrators should be familiar with this malware in case it is used in other countries.

On the other hand on cyber warfare, the British news agency The Telegraph reports that the hacker group claims to have compromised servers in the Russian space agency, while the hacking group Anonymous claims to have hacked three more Russian companies and leaked their emails.

published by the US and Europol seizure of a website called RaidForums, a criminal market where stolen data was bought and sold. The U.S. has also uncovered six criminal charges against the site’s founder and chief administrator. He was arrested in January in Romania, where the United States requested his extradition. The investigation was carried out with the help of Europol, as well as police in the UK, Sweden, Romania, Portugal, Germany and other law enforcement agencies.

Hafnium Threat Group based in China has a new offensive campaign against telecommunications companies, ISPs and data firms. According to Microsoft, this has been going on since last August. Uses a hole in the Rest API of Zoho’s ManageEngine, an identity and access management authentication package. As part of the attack, a new malware called Tarrask is being used, which is hidden in the Windows Task Scheduler. He then performs the tasks that the attacker wants. This link to the report includes compromise indicators that security teams should look for.

Attention IT administrators: If your company’s staff uses an AWS Client VPN to remotely connect to servers and data on the AWS platform, make sure you use the latest version. This is because a serious vulnerability has been found. According to researchers at Rhino Security Labs, an attacker can compromise a client. The new version that users should have is 3.0.

Another update warning comes from HP and the Remote Desktop Utility it now owns called Teradici PCoIP. There are major vulnerabilities in clients and graphics agents that need to be patched with the latest updates. These are tools used not only in Windows, but also in Linux and macOS. According to a newspaper report, these Teradici products are available not only from HP but also from other suppliers.

finally, Yesterday was Patch Tuesday, when a number of IT companies released patches or security updates for their products. These include Microsoft and SAP. SAP administrators should note that one of them is fixing a serious hole in HANA Extended Application Services. For each vendor, make sure the patches have priority and are applied as soon as possible.

You can follow Cyber ​​Security today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.