Published in HUB Security

Open-Source Sabotage 💣 BadUSB Attacks 🔌 Broward Breach 🏥 & VMware Horizon Hacked 🧑‍💻

HUB Weekly Digest of Cyber Security

Hi, dear readers. Welcome to the HUB Weekly Digest, where we cover the top cyber security stories from the past week. This is the place to stay up to date not only on news stories, but also to get acquainted with best practices and mitigation methods, as well as our cutting-edge cybersecurity technologies.

This week our stories are:

💣 The story of open-source sabotage is a supply-chain attack

🔌 The hazards of BadUSBs and how to protect yourself against them

🏥 IT considerations for healthcare institutions

🧑‍💻 UK’s NHS issues a warning on Log4j vulnerability in VMware Horizon

💣 I’m Tellin’ Y’all, It’s an Open-Source Sabotage

The story of the open-source engineer who went evil has been circulating on the internet for the past week. For whatever reason, this open-source developer thought it was a good idea to corrupt the code that he wrote and that many people around the world use. The result was not pretty, with numerous apps having to be shut down. (Sources: Bleeping Computer, Silicon Republic)

“The sabotaged versions cause applications to infinitely output strange letters and symbols, beginning with three lines of text that read ‘LIBERTY LIBERTY LIBERTY’.”

HUB’s perspective: As a matter of fact, this is a classic supply chain attack. When using open-source components, every update should go through sandboxing and testing before it is deployed into production. In addition, code review and application testing should be done. HUB Security provides a mechanism to confirm that the testing process has completed successfully before allowing updates to critical environments.
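A minimal pre-deployment gate for the failure mode quoted above (an update that prints without end), written as an added example and not HUB Security's or any project's own code. The function name `gate_update`, the limits and the three stand-in child programs are assumptions made for illustration; the gate only bounds run time and output volume, so the isolation itself (a container or VM without production access) is assumed to be provided around it.

```python
import subprocess
import sys
import threading

def gate_update(cmd, timeout_s=5.0, max_bytes=64 * 1024):
    """Run a dependency smoke test in a child process and return a verdict."""
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    timed_out = threading.Event()

    def on_timeout():
        # Fires only if the child is still running when the time budget ends.
        timed_out.set()
        proc.kill()

    timer = threading.Timer(timeout_s, on_timeout)
    timer.start()
    seen = 0
    try:
        while True:
            chunk = proc.stdout.read(4096)
            if not chunk:          # EOF: child exited or was killed
                break
            seen += len(chunk)
            if seen > max_bytes:   # runaway output, as in the sabotaged releases
                proc.kill()
                return "blocked: runaway output"
    finally:
        timer.cancel()
        proc.wait()
        proc.stdout.close()
    if timed_out.is_set():
        return "blocked: timeout"
    if proc.returncode != 0:
        return "blocked: exit code %d" % proc.returncode
    return "approved"

# Constructed stand-ins for an application's smoke test run against an update.
GOOD = [sys.executable, "-c", "print('smoke test ok')"]
RUNAWAY = [sys.executable, "-c", "while True: print('LIBERTY LIBERTY LIBERTY')"]
SILENT_HANG = [sys.executable, "-c", "import time; time.sleep(60)"]

if __name__ == "__main__":
    for name, cmd in [("good", GOOD), ("runaway", RUNAWAY), ("hang", SILENT_HANG)]:
        print(name, "->", gate_update(cmd, timeout_s=2.0))
```

In a pipeline, any verdict other than `approved` would stop the updated dependency from being promoted to production.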

🔌 BadUSBs: How Severe Is Such an Attack & Defense Methods

Hackers can intrude in various ways. A phishing campaign is just one possibility. Privileged access can also be obtained using more ‘analog’ techniques. Sending faulty USBs by mail is one method that has earned this title. Unbeknownst to the user, an innocent-looking envelope is delivered, purportedly from Amazon or another company. When the victim inserts the BadUSB into their computer, the attacker gains very broad access to resources, since the attacker now has access to the device itself. (Source)

HUB’s perspective: Any USB attack starts with a user’s lack of awareness. All users in an organization should go through security awareness training and tests to make sure they are not falling for human-based attacks.

HUB Security prevents privileged users from doing anything they want. In addition, critical operations would require a second approver. This helps to reduce the risk of malware initiated by USB or other scams because the malware would not be able to run the unauthorized commands. The core concept behind this line of defense is to safeguard the most critical assets of the organization.

🏥 It’s a Hack via a 3rd-Party (and I’ll Cry If I Want To)

Another healthcare institution is making news as a result of a data breach. It’s Broward Health this time. One of its third-party medical providers, which had network access, was hacked. As a result, the personal information of around 1.3 million people was stolen. Date of birth, physical address, financial or bank information, Social Security number, insurance information and account number, and medical information and history (condition, treatment, and so on) were among the stolen data. (Source)

“Stolen data is often bartered privately in hidden dark web forums, so it could be too early to see signs of abuse in the wild”

HUB’s perspective: Healthcare is a prime target for attacks. Healthcare is lean on IT and therefore relies on many third parties to help with daily administration and maintenance. Every third party should be considered an IT user, and appropriate controls should therefore be implemented. MFA or passwordless authentication is paramount.

The HUB Security solution treats all users the same. If specific access isn’t defined, a user cannot get into the critical application and data. In addition, all communications are authenticated and signed, assuring the authenticity of every operation. Therefore a hacker wouldn’t be able to access the system and data, even if he hacked into one of the third-party systems.

🧑‍💻 Hackers Find New Log4j Exploits — This Time it’s VMware

Hackers are actively targeting Log4j vulnerabilities, according to the UK’s National Health Service (NHS). An ‘unknown threat group’ is attempting to exploit a Log4j vulnerability in VMware Horizon servers to create web shells that might be used to distribute malware and ransomware, steal confidential information, and carry out other malicious actions. (Source)

“The attacks being warned against exploits the Log4Shell vulnerability in the Apache Tomcat service embedded within VMware Horizon…the attack uses the Lightweight Directory Access Protocol (LDAP) to execute a malicious Java file that injects a web shell into the VM Blast Secure Gateway service”

HUB’s perspective: This shows that even a clean desktop/client control (which is a good security practice) is not sufficient to protect applications and data. HUB Security protects your core applications and data without any way to bypass security controls.


Subscribe to HUB Security’s Medium for more cybersecurity news and insights, and everything related to #cyber and #security.

You can also stay up to date via our LinkedIn and Twitter or join our monthly Newsletter.
