
October 12, 2023

It's 5:05, October 12, 2023. Time for your Cybersecurity and Open Source Headlines

In this Episode:

Marcel Brown:  October 12th, 1988. Hailed by Steve Jobs as a computer five years ahead of its time, NeXT Incorporated introduces their NeXT computer. While not a significant commercial success, the NeXT computer and the technology developed for it have a long and storied history.

Edwin Kwan: Thousands of WordPress websites have been compromised by attackers exploiting a vulnerability in a popular plugin. A fixed version of the plugin has been released and users are urged to update to version 4.2 or later, immediately.

Ian Garrett: Does hearing the term “zero-trust” make you roll your eyes? More organizations are taking zero-trust from a buzzword to reality as the traditional castle-in-moat approach to security is becoming obsolete. Let’s cover some practical recommendations for implementing a zero-trust cybersecurity framework.

Mark Miller:  AvosLocker, the Ransomware as a Service (RaaS) group, continues to get the attention of CISA and the FBI. Yesterday, October 11, the March 2023 joint advisory on AvosLocker was updated with the latest warnings.


The Stories Behind the Cybersecurity Headlines


Edwin Kwan
Vulnerable WordPress Plugin Results in Thousands of Sites Hacked

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Thousands of WordPress websites have been compromised by attackers exploiting a vulnerability in a popular plugin.

This is Edwin Kwan from Sydney, Australia.

More than 17,000 WordPress websites have been compromised and infected by multiple Balada Injector campaigns. The campaign exploited a known vulnerability in the TagDiv Composer WordPress plugin.

The vulnerability is a cross-site scripting (XSS) flaw, and it allows attackers to inject malicious code into web pages. The plugin is a companion tool to the Newspaper and Newsmag WordPress themes. These are popular premium themes that are sold on the ThemeForest and Envato marketplaces, and have more than 155,000 downloads.

The injector campaigns were using obfuscated code, making it hard to detect. The threat actor regularly attempts to gain persistent access to the compromised website by injecting scripts that create accounts with administrator privileges. The attackers inject code which attempts to redirect visitors of the compromised website to sites under the attacker’s control.

A fixed version of the plugin has been released and users are urged to update to version 4.2 or later, immediately.

Resources
– Ars Technica: https://arstechnica.com/security/2023/10/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-plugin-vulnerability/
– Security Week: https://www.securityweek.com/recently-patched-tagdiv-plugin-flaw-exploited-to-hack-thousands-of-wordpress-sites/
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/over-17-000-wordpress-sites-hacked-in-balada-injector-attacks-last-month/


Ian Garrett
5 Tips to Take Zero Trust from Buzzword to Implementation

Ian Garrett, Contributing Journalist

Does hearing the term “zero-trust” make you roll your eyes? More organizations are taking zero-trust from a buzzword to reality as the traditional castle-and-moat approach to security is becoming obsolete. Let’s cover some practical recommendations for implementing a zero-trust cybersecurity framework.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Despite increased investment in cybersecurity, organizations continue to face threats due to human error and attacks on applications. Users often engage in risky online behavior, while attackers target internet-facing apps and exploit vulnerabilities. This has rendered the traditional perimeter-based security model inadequate. Zero-trust is an approach that challenges the concept of implicit trust. It assumes that no user, application, or device should be inherently trusted. In this model, verification occurs at multiple points rather than at the network perimeter.

The US government has mandated the adoption of zero-trust for its agencies and contractors.

Tip 1. Start with a modern approach. Implementing zero-trust requires a ground-up approach rather than simply layering security on top of existing infrastructure. Avoid adding complexity and loopholes by building security into the architecture from the beginning.

Tip 2. Reduce the attack surface. If you’re reachable, you’re breachable. Keep applications and servers behind a security cloud to prevent direct exposure to attackers.

Tip 3. Utilize segmentation. Zero-trust encourages micro-segmentation, allowing organizations to segment networks, workloads, and applications at the granular level. This limits lateral movement in the case of a breach, containing threats and preventing malware spread.

Tip 4. Implement fine-grained user access. Human error is a significant threat. In a zero-trust model, users are granted access only to what they need, following the principle of least privilege. Contextual parameters like time of access, location, and device should be considered in authentication.

Tip 5. Prioritize user experience. A seamless user experience is vital for the success of a zero-trust project. When implemented correctly, the user experience can improve, reducing internal friction.

User-friendly authentication and access procedures are key.

Resources
– CSO Online: https://www.csoonline.com/article/654427/5-practical-recommendations-implementing-zero-trust.html


Mark Miller
CISA and FBI: AvosLocker Ransomware (Update)

Mark Miller, Executive Producer

AvosLocker, the Ransomware as a Service (RaaS) group, continues to get the attention of CISA and the FBI. Yesterday, October 11, the March 2023 joint advisory on AvosLocker was updated with the latest warnings.

The update advises four actions to take immediately to lower the impact of AvosLocker and other types of ransomware. You’ve heard these before, but it’s always good to have a reminder.

– Number One: Secure remote access tools. Yeah, kind of obvious.

– Number Two: Restrict RDP and other remote desktop services.

– Number Three: Secure PowerShell and/or restrict usage. Yeah, PowerShell, that’s a new one to kind of pop up there: the adversaries are actually using tools that you’re using.

– Number Four: Update software to the latest version and apply patching updates regularly. Yeah, you’re already doing that already, right?

This is Mark Miller, Executive Producer of It’s 5:05.

One of the key points to the advisory is that AvosLocker affiliates compromise organizations’ networks by using legitimate software and open source remote system administration tools. The adversaries are using the same tools and techniques sysadmins are using for remote access: Splashtop Streamer, Tactical RMM, PuTTY, AnyDesk, PDQ Deploy, and Atera Agent. There’s a lot more to the update, including technical details, indicators of compromise, and mitigations.

I’ve put a link to a downloadable resource at the bottom of today’s episode at 505updates.com.

Resources
– CISA: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a


Marcel Brown
This Day, October 12, in Tech History

Marcel Brown, Contributing Journalist

This is Marcel Brown with some technology history for October 12th.

October 12th, 1988. Hailed by Steve Jobs as a computer five years ahead of its time, NeXT Incorporated introduces their NeXT computer. Due to its cube-shaped case, the computer was often referred to as the “Cube,” or the “NeXT Cube,” which led to the subsequent model officially being named NeXTCube. The new computer introduced several innovations to personal computers, such as including an optical storage disk drive, a built-in digital signal processor for voice recognition, and an object-oriented development environment that was truly years ahead of its time. While not a significant commercial success, the NeXT computer and the technology developed for it have a long and storied history. Tim Berners-Lee developed the first World Wide Web server and web browser on a NeXT computer, crediting the NeXT development tools for allowing him to rapidly develop the now ubiquitous internet system.

After Apple purchased NeXT in 1997, they used the operating system of the NeXT computers to form the base of Mac OS X. Eventually, Apple’s iOS, which runs the iPhone and iPad, was itself based upon Mac OS X, and hence draws its lineage from NeXT. Finally, the object-oriented development environment that Berners-Lee used to create the World Wide Web is the forerunner of the development environment that today’s programmers use to develop iPhone and iPad apps.

If it wasn’t for the NeXT computer back in 1988, many of the technologies we make use of today may have evolved very differently.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/10/12
