Hello, Monday! Just call it Metasoft. Meta and Microsoft are joining forces for a VR workspace partnership that they hope will revamp the workplace.
In today’s edition:
Browser bait
🗳 Commonwelp
—Billy Hurley, Tom McKay, Patrick Lucas Austin
Mickey McDougall
Like your friend on a road trip or that new Love Boat reboot, an info-stealing malware has gone in a different and concerning direction.
According to a report from the cyberthreat-detection provider eSentire, the malicious code known as “SolarMarker” has headed to WordPress, disguising itself as a Chrome browser update.
Though not a new attack, the “watering hole” method manipulates well-known sites that end-users may trust—and legitimate Windows processes that detection tools may trust.
“They’re effective because individuals don’t suspect them really. By leveraging reputable websites, we don’t see these attacks coming,” said Jonathan Broche, director of penetration testing at MorganFranklin Consulting’s cybersecurity practice.
What is a watering-hole attack?
- Thirsty threat actors compromise a page that a certain group of users frequently visits—then a popular site becomes, in effect, a popular malware deliverer, maybe without a site owner even knowing.
- As early as 2013, hackers redirected US Department of Labor site visitors to the Poison Ivy Trojan. Other high-profile instances of watering holes include a compromise of CCleaner software in 2017, a 2019 “Holy Water” attack that hit charity websites, and a targeting of Hong Kong-based sites in 2021.
- The malware is frequently a remote access trojan (RAT), enabling the attacker to gain control of a target’s system.
What went pwn. The victim, according to the eSentire report, was an employee of a tax-consulting organization. The end-user, after searching for a medical-equipment manufacturer, landed on a WordPress site that served up a prompt to update Chrome.
The message tricked the user into downloading SolarMarker.
SolarMarker employs the legitimate scripting language PowerShell. PowerShell’s .NET assembly functions load and execute the malicious backdoor. The use of a trusted Windows process means the code is difficult to detect, according to an email by Keegan Keplinger, research and reporting lead at eSentire.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.
Francis Scialabba
A summer’s worth of work was dumped on Virginia election staffers just over a month before the midterm election because of computer network issues.
A total of 107,000 voter records went unprocessed until October 5. The records were sent in through the commonwealth’s DMV and were intended to update addresses, register voters, and make other changes to voting status.
Virginia Elections Commissioner Susan Beals said in a statement that the problem stemmed from unspecified “intermittent network issues.”
“No voter registration data was lost, but the issue will cause an increase in processing voter registration applications at the local level,” Beals said.
That’s going to be a heavy lift for registrars, who are now essentially going to be forced into overtime to make up the difference.
“Every registrar’s office could use about 10 more people right at this moment,” Chesterfield Registrar Missy Vera told the Richmond Times-Dispatch.
Help! It’s unclear how exactly the problem started, but the Washington Post reported that Governor Glenn Youngkin, a Republican who won the gubernatorial race last year, had his administration shut down Virginia’s main voter registration system VERIS in April and May for an update. The VERIS system is 15 years old.
Read more here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.
Francis Scialabba
Today’s top IT reads.
Stat: 95%. That’s the proportion of surveyed security professionals still using VPNs, but 65% plan to implement alternatives to the technology. (TechTarget)
Quote: “You’d have services going down and the people remaining not having the institutional knowledge to get them back up.”—Surge AI CEO Edwin Chen on leaked plans from Elon Musk to cut Twitter’s workforce by about 75% (the Washington Post)
Read: TikTok parent company ByteDance planned to use the video app to spy on specific US citizens. (Forbes)