Cyber ​​Security Today, November 29, 2021 – Ikea victim of phishing attack, discovery of elusive JavaScript loader and discovery of malware hidden in Linux calendars

0

Ikea victim of phishing attack, discovery of elusive JavaScript loader and discovery of malware hidden in Linux calendars.

Welcome to cybersecurity today. It’s Monday, November 29. I’m Howard Solomon, contributing author on cybersecurity for ITWorldCanada.com.

International furniture retailer Ikea fought a cyberattack through its messaging system. According to news service Bleeping Computer, a hacker uses legitimate employee email addresses to distribute malicious attachments to other Ikea employees. These phishing emails may also appear to come from Ikea partners and suppliers. Usually, victims click on a file that contains malicious Microsoft Excel document. To run the document, the victim must then click a button to activate content or activate editing. Most smart IT departments have disabled this feature because this is how malware is spread. Employees should be repeatedly warned that malware can be found in email attachments that appear to be from colleagues, friends, and business partners. They should be trained to always ask a knowledgeable IT professional before disabling security features in productivity suites such as Microsoft Office.

it is not a surprise that malicious actors use infected attachments to compromise employee computers. But HP researchers have discovered a new campaign that uses an elusive JavaScript loader to initially compromise computers. After infection, the loader distributes a variety of remote access Trojans, which allows an attacker to gain secret access to the system. The second-stage malware variety suggests that whoever created the loader, which HP calls RATDispenser, may be operating a malware-as-a-service business. Network advocates can prevent infections by blocking executable attachment file types like JavaScript or VBScript from passing through their email gateways. They can also change the default file manager for JavaScript files by only allowing digitally signed scripts to run or by disabling Windows Script Host.

Drug manufacturing and research organizations in the life sciences and biotechnology sectors are warned that their computer systems can face an attack by a very sophisticated threat actor. This alert from the Bioeconomy Information Sharing and Analysis Center comes after the discovery in October of advanced persistent malware in a company. It was the second found at an establishment this year. According to the researchers, the first detection came following a ransomware attack. They believe that this complex malware is aimed specifically at bioproduction and research organizations. Researchers say organizations need to ensure proper segmentation between corporate and manufacturing or operational networks. Defenses against phishing are paramount.

ultimately, malicious actors try to hide their malware in multiple places on computer systems to prevent it from being detected. Researchers at a cybersecurity company called Sansec have found a remote access Trojan hidden in a new location in several online shopping systems: hidden in the calendar subsystem of Linux servers under the date ” February 31 ”. As you all know, February does not have 31 days, so few computer security systems would detect it. The real goal of this malware is to steal data from buyers’ credit and debit cards. Usually, cyber crooks try to inject this type of data theft malware into a browser. However, more and more payment card theft malware is hidden in the servers.

That’s it for now Remember that the links to the details on the podcast stories can be found in the text version at ITWorldCanada.com. This is where you will find other stories of mine as well.

Follow Cyber ​​Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.


Source link

Share.

About Author

Comments are closed.