The Threat Show

The Threat Show Ep. 24

This week on The Threat Show, Darien and Chris cover a diverse range of threats: a 10-year-old bug that led to the 3CX supply chain attack we covered last week, and a new vulnerability affecting Samba and the small businesses that host sensitive information in Samba's Active Directory. Then, a compromised tax filing service that could install malware on everyday taxpayers' computers. Finally, we go over another example of a naming snafu between a former cybersecurity vendor and a current ransomware group, expanding on our conversation about the need for consistency and clarity in the language security practitioners use.

Threat Landscape    (01:11)

Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack    (03:20)

Last week's 3CX supply chain attack was caused by a 10-year-old Windows vulnerability. The vulnerability was known and fixed in 2013, but Microsoft also realized that the fix could break other applications, such as Google Chrome. As a result, it shipped as an 'opt-in' fix, leading to unintended consequences.

Critical Samba vulnerabilities easily allow hacking of servers    (06:55)

Samba is open-source software compatible with the Windows file sharing protocol. It can also be used to mimic a Windows Active Directory Domain Controller (AD DC), but unfortunately this has allowed for a vulnerability where attackers can anonymously steal private information from a Samba AD DC.

IRS-authorized eFile.com tax return software caught serving JS malware    (12:09)

A third-party tax service, eFile.com, was recently compromised and was caught serving JavaScript malware that could ultimately install full-blown malware on your system. Attackers take advantage of current, and especially time-sensitive, events like this to reach victims.

New Cylance Ransomware Targets Linux and Windows, Warn Researchers    (15:06)

Cylance is a ransomware group targeting Windows and Linux devices and using the name of a former Endpoint Detection and Response (EDR) vendor, Cylance, that was acquired by BlackBerry. This is likely a tactic to get people to confuse the ransomware with trusted software rather than see it as a threat.