July 25, 2022
David Redekop

This Week In Nerd News – July 25, 2022

THIS WEEK IN NERD NEWS #82

Welcome to This Week in NerdNews (TWINN) #82, your weekly top 5 technical and security issues Nerds should pay attention to. This week: Linux malware is now low-hanging fruit for cyber criminals.

I took some of our sons on another journey this weekend. I have this new fascination with mulberry trees that grow wild on public property. I would argue that this is the sweetest, most enjoyable fruit you’ll find in the wild in our part of the world. I’ve enjoyed them since I was about 10 years old, and still to this day it amazes me that I can stop on a public trail and, without strain, pick this low-hanging fruit. It’s just a matter of knowing what to look for. Oh, and the nutritional value, particularly vitamin C and iron.

Now let’s talk about a different topic and see how it relates in an odd way:

Linux malware. 10 years ago we thought we would never use these two words together. Linux malware? I mean, why and how would Linux even get malicious software? It’s free and open source, and anyone can theoretically inspect open source components, right?

We’ve all heard the story of the famous bank robber Willie Sutton, who was asked by reporter Mitch Ohnstad why he robbed banks. Sutton replied, “Because that’s where the money is.”

Another important piece of this reality is the proliferation of web control panels: anyone with the right service access can click a link to deploy a new service, feature, or application, and in doing so is most likely interacting with a Linux system without knowing it. Linux is estimated to run about 90% of public cloud workloads!

Imagine the decision-making process of a cyber criminal who has no moral compass. To them, Linux is now the low-hanging fruit, so of course the pattern we are now seeing makes sense:

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

The Lightning Framework is the fifth Linux malware strain to be unearthed in a short period of three months, after BPFDoor, Symbiote, Syslogk, and OrBit. Very few cloud servers today have any host protection at all. Of course, the answer to this threat is that cloud servers must be protected with a strong security posture.

A never-before-seen Linux malware has been dubbed a “Swiss Army Knife” for its modular architecture and its capability to install rootkits.

Read More: New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems.

Macs under threat from CloudMensis spyware — what you need to know

The good news is that zero day exploits aren’t being used for this attack. It is an excellent example of where staying current with software updates mitigates significant risks.

A previously unknown backdoor has been discovered in macOS that is currently being exploited in the wild to spy on users of compromised Macs.

Read More: Macs under threat from CloudMensis spyware — what you need to know.

New Luna ransomware encrypts Windows, Linux, and ESXi systems

Say hello to cross-platform ransomware. When a product operates on multiple platforms, we need to pay more attention.

A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.

Read More: New Luna ransomware encrypts Windows, Linux, and ESXi systems.

As companies calculate cyber risk, the right data makes a big difference

This is an excellent example of a recommended executive thought process on cyber risk assessment: one that thinks beyond security concepts, can differentiate between direct and indirect costs, and understands and reduces financial exposure.

The proposed U.S. Securities and Exchange Commission’s stronger rules for reporting cyberattacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cybersecurity to the highest levels of corporate leadership.

Read More: As companies calculate cyber risk, the right data makes a big difference.

TeamViewer installs suspicious font only useful for web fingerprinting

This is not cool, TeamViewer! They have agreed to remove this font in subsequent installer versions.
However, it should make us pause and think about how a similar trick could be used in an even more malicious way and protect against that.

So, here’s a bit of a mystery: Why does TeamViewer – the popular remote desktop program – install a font it doesn’t use on your computer? The abstract font (shown in the above image) doesn’t seem to serve any purpose in the software. Intentional or not, it enables websites to detect if you have TeamViewer installed on your computer.

Read More: TeamViewer installs suspicious font only useful for web fingerprinting.
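To make the mechanism concrete, here is an added illustration (not TeamViewer’s code, nor the linked article’s) of the width-comparison check a web page can run to learn whether a specific font is installed; `ExampleVendorFont` is a placeholder, since the newsletter does not name the font. Pasted into your own browser’s console, `checkFont` with a font you have installed shows exactly what a site can learn from that font.

```javascript
const TEST_STRING = "mmmmmmmmmmlli"; // mixed wide/narrow glyphs amplify width differences
const FALLBACKS = ["monospace", "serif", "sans-serif"];
const PLACEHOLDER_FONT = "ExampleVendorFont"; // assumption: the real font name is not given

// Pure decision logic: if "candidate, fallback" renders at a different width
// than the generic fallback alone for ANY fallback family, the browser used
// the candidate font, so it is installed.
function isFontInstalled(widthsWithCandidate, widthsFallbackOnly) {
  return FALLBACKS.some(f => widthsWithCandidate[f] !== widthsFallbackOnly[f]);
}

// Browser-only measurement; returns null where there is no DOM (e.g. Node).
function measureWidths(fontName) {
  if (typeof document === "undefined") return null;
  const span = document.createElement("span");
  span.textContent = TEST_STRING;
  span.style.position = "absolute";
  span.style.left = "-9999px";
  span.style.fontSize = "72px";
  document.body.appendChild(span);
  const withCandidate = {};
  const fallbackOnly = {};
  for (const f of FALLBACKS) {
    span.style.fontFamily = f;
    fallbackOnly[f] = span.getBoundingClientRect().width;
    span.style.fontFamily = `'${fontName}', ${f}`;
    withCandidate[f] = span.getBoundingClientRect().width;
  }
  span.remove();
  return { withCandidate, fallbackOnly };
}

// Full check as a page would run it; null means "cannot measure here".
function checkFont(fontName) {
  const m = measureWidths(fontName);
  return m ? isFontInstalled(m.withCandidate, m.fallbackOnly) : null;
}

// Constructed sample widths (not real measurements) for the decision logic:
// when the font is missing, every family falls back and widths match exactly;
// when present, the candidate font wins regardless of the listed fallback.
const SAMPLE_MISSING = { monospace: 561.6, serif: 505.1, "sans-serif": 523.4 };
const SAMPLE_PRESENT = { monospace: 498.0, serif: 498.0, "sans-serif": 498.0 };
```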

Did you know?

ChromeOS Flex is an excellent way to modernize an old PC or Mac!
