
Cybersecurity news weekly roundup January 2, 2023

SAN MATEO, CA, January 2, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Google Home smart speakers can be transformed into wiretapping devices

A bug bounty of $107,500 was awarded to a security researcher who discovered a way to install a backdoor on Google Home smart speakers and turn them into eavesdropping devices. According to the researcher, who goes by the name Matt, the bug “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN.” Read more.

Netgear: patch your routers immediately

Netgear has issued an advisory for a pre-authentication buffer overflow vulnerability affecting Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6) and Wireless AC router models. The company strongly urges all users to patch their hardware immediately, as successful exploitation of a bug of this nature can lead to arbitrary code execution. A series of steps needs to be carefully followed to ensure that your system is properly protected, which can be found here: Read more.

Malvertising Google Ads campaign targets victims via typosquatting

Some of those searching for popular software such as AnyDesk, Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, MSI Afterburner, Slack and Zoom have been victimized by a Google Ads campaign that uses typosquatting to direct victims to fraudulent websites where they download malware posing as legitimate apps. Thus far, the campaign has mainly targeted users in the US and Canada and has misled them into downloading cryptocurrency miners and information stealers. Read more.

Thousands of Citrix servers remain unpatched and vulnerable

Researchers at NCC Group’s Fox-IT team report that thousands of Citrix servers are vulnerable to attack, as they have not been updated with patches that fix two critical bugs. The first, CVE-2022-27510, is an authentication bypass that lets an attacker gain “unauthorized access to the device, perform remote desktop takeover, or bypass the login brute force protection.” The second, CVE-2022-27518, “allows unauthenticated attackers to perform remote command execution on vulnerable devices and take control of them.” CVE-2022-27518 had already been exploited in the wild by the time its patch was issued. Users of Citrix ADC and Gateway deployments are urged to update their systems immediately. Read more.

APT hackers now using malicious Excel add-ins for intrusion

As Microsoft now blocks Visual Basic for Applications macros in Office files downloaded from the internet, hackers have had to get creative with their tactics. According to researchers at Cisco Talos, APT actors are now turning to Excel add-in files as an initial intrusion vector. XLL files appear to be favored, as they “can be sent by email, and even with the usual anti-malware scanning measures, users may be able to open them not knowing that they may contain malicious code.” Ekipa RAT, having been updated to accommodate Microsoft’s recent new defenses, incorporates XLL add-ins and demonstrates hackers’ ability to keep pace with changing protections and blocks in their efforts to access private data. Read more.
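As an added defensive example (not part of the original roundup and not Cisco Talos’s or Microsoft’s code), the check below shows how a mail gateway or attachment scanner can flag Excel add-in attachments of the kind described above. It relies on one general fact about the format: an XLL file is a native Windows DLL, so its content begins with the PE “MZ” header, which a genuine workbook never does. The filenames and byte strings are constructed sample data, and the function and class names are this example’s own.

```python
"""Flag Excel add-in (XLL) attachments before they reach a user's inbox.

Added example for illustration, not code from the original page.
Two signals are used:
  1. the attachment carries an Excel add-in extension (.xll and friends), or
  2. the attachment carries an ordinary Office extension but starts with the
     PE "MZ" header, i.e. it is really a native DLL/executable in disguise.
"""
import os
from dataclasses import dataclass

# Constructed sample attachments: (filename, leading bytes of the content).
SAMPLE_ATTACHMENTS = [
    ("q4_report.xlsx", b"PK\x03\x04" + b"\x00" * 28),   # real OOXML zip container
    ("invoice.xll",    b"MZ\x90\x00" + b"\x00" * 28),   # native add-in: PE header
    ("notes.txt",      b"Meeting at 10"),
    ("budget.xlsm",    b"MZ\x90\x00" + b"\x00" * 28),   # PE bytes behind an Office extension
    ("helper.XLL",     b"PK\x03\x04" + b"\x00" * 28),   # .xll name but zip content: still block
]

# Excel add-in formats (.xll native, .xlam/.xla macro-based) and plain Office documents.
ADDIN_EXTENSIONS = {".xll", ".xlam", ".xla"}
OFFICE_EXTENSIONS = {".xlsx", ".xlsm", ".xls", ".docx", ".docm", ".pptx"}


@dataclass
class Verdict:
    filename: str
    flagged: bool
    reason: str


def is_pe(content: bytes) -> bool:
    """True when the content starts with the DOS/PE 'MZ' signature."""
    return content[:2] == b"MZ"


def assess(filename: str, content: bytes) -> Verdict:
    """Decide whether a single attachment should be quarantined."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in ADDIN_EXTENSIONS:
        # Policy decision: add-ins are never expected from external mail.
        return Verdict(filename, True, "excel add-in extension")
    if ext in OFFICE_EXTENSIONS and is_pe(content):
        # A workbook is a zip (PK) or OLE container; an MZ header means a renamed binary.
        return Verdict(filename, True, "office extension but PE (MZ) header")
    return Verdict(filename, False, "ok")


def scan(attachments) -> list:
    """Run assess() over (filename, content) pairs and return all verdicts."""
    return [assess(name, content) for name, content in attachments]


if __name__ == "__main__":
    for verdict in scan(SAMPLE_ATTACHMENTS):
        status = "BLOCK" if verdict.flagged else "allow"
        print(f"{status:5} {verdict.filename:16} {verdict.reason}")
```

Run as a script it prints one line per attachment; the three constructed add-in-style files are blocked and the two ordinary documents are allowed. In a real gateway the same two checks would sit beside the existing Mark-of-the-Web and macro policies rather than replace them, since the point of the Talos finding is that XLL files slip past controls written for macro-enabled documents.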

Hive ransomware group attacks Louisiana hospital

The Lake Charles Memorial Health System, the largest medical complex in Lake Charles, Louisiana, reported a ransomware attack in October of 2022 that affected almost 270,000 patients. The Hive ransomware group has claimed credit for the attack, having published the stolen information on its data leak site. The hospital offers complimentary credit monitoring for those whose Social Security numbers were compromised in the attack. Read more.

GuLoader evading security by employing new techniques

Malware loader GuLoader has been using a range of advanced techniques to evade security software, according to researchers at CrowdStrike. As per their report, scans for virtualization software, “redundant code injection mechanisms,” anti-analysis and anti-debugging tricks and other methods are employed by GuLoader to slip past defended systems. The evidence shows that GuLoader continually evolves in order to remain dangerous. Read more.

Researchers develop Android eavesdropping software

Researchers from five American universities (Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University) have created EarSpy, an attack designed to show how threat actors can use Android devices for eavesdropping. EarSpy works by “capturing motion sensor data readings caused by reverberations from ear speakers in mobile devices.” The researchers note that it can use this information to discern a caller’s gender, identity and private speech. Read more.

More cybersecurity news

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
