Cybersecurity News: Towns paying for remote workers, CISA orders agency patch, PLC software delivers Sality

Dozens of cities and towns are paying tech workers to abandon Silicon Valley

Cities and towns across the U.S. are seeking to attract skilled employees to live there while working remotely for their employers. The number of programs has grown to 71, from 24 in October, according to Indianapolis-based MakeMyMove, a company that is paid by cities and towns to set up such programs. Some of the companies whose employees are involved in a remote worker incentive program in Tulsa, Okla. include Adobe, Airbnb, Amazon, Apple, Dell, Meta, Google, IBM, Microsoft, Lyft, Netflix, Oracle and Siemens. In some cases, local governments are offering up to $12,000 in cash “along with subsidized gym memberships, free babysitting and office space.”

(Wall Street Journal)

CISA orders agencies to patch new Windows zero-day used in attacks

According to BleepingComputer, “CISA has now added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.” Tracked as CVE-2022-22047, this is a high-severity flaw that impacts server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. A patch was released by Microsoft as part of July Patch Tuesday, but it was also classified as a zero-day since it had been abused in attacks before a fix was made available. If exploited, the vulnerability could allow an attacker to gain SYSTEM privileges. It was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

(Bleeping Computer)

Password recovery tool infects industrial systems with Sality malware

“A threat actor is infecting industrial control systems to create a botnet through password ‘cracking’ software for programmable logic controllers,” says BleepingComputer. A selection of password recovery tools was advertised on social media platforms, promising to “unlock PLC and human-machine interface terminals from Automation Direct, Siemens, Mitsubishi, LG, and many other manufacturers.” The tool also delivers a malware called Sality, which creates a peer-to-peer botnet for tasks that demand distributed computing to complete, such as password cracking and cryptocurrency mining.

(Bleeping Computer)

Thousands of websites run buggy WordPress plugin that allows complete takeover

Threat actors have reportedly scanned almost 1.6 million websites “in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.” The flaw, tracked as CVE-2021-24284, affects the Kaswara Modern WPBakery Page Builder Addons plugin. Once exploited, it can facilitate the uploading of malicious JavaScript files and the takeover of an organization’s website. According to The Register, Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks.

(The Register)

Thanks to today’s episode sponsor, 6clicks

The 6clicks AI-powered GRC platform with an integrated content library is the most intelligent way to get ISO 27001 certified. It allows you to automate audits, manage risks, track assets, and report in real-time. Join hundreds of businesses that trust 6clicks and start your ISO 27001 journey today. For more information visit 6clicks.com/lp-iso-27001.

Hive ransomware decryption key released as gang evolves its tactics

A decryption key for malware from Hive has been released by a malware analyst and reverse engineer known publicly as reecDeep. This was done following an increase in activity from the Hive gang over the past three months. Hive has reportedly also switched to more complex coding in Rust, which is harder to decrypt, making the key even more valuable. “Hive has been ramping up activity in recent months, particularly targeting healthcare organizations. In May, the gang was named by the US Department of Health and Human Services as one of the top-five cybercrime gangs that attacked healthcare services in Q1 2022, with Hive taking credit for 11% of attacks.”

(TechMonitor)

Canadian airlines suffer delays and cancellations due to outage

Canada’s air navigation service provider Nav Canada suffered an outage on Thursday, impacting air travel across Western Canada. The cause was a disruption in the network of Colorado-based telecommunications provider Zayo, which Nav Canada uses in parts of the country’s western region. This was not a cyberattack, but was instead caused by a train derailment that disrupted two key fiber lines managed by one of Zayo’s fiber providers in Canada.

(The Record and the Toronto Star)

LendingTree denies connection to data breach affecting 200,000, but confirms a different one

LendingTree has denied “any connection to a reported data breach involving 200,000 loan applications found on the dark web, although the company did confirm that the information of tens of thousands of customers was exposed in a separate breach in February.” LendingTree director of communications Megan Greuling told The Record, “Our investigation determined that this [200,000 name] data leak did not originate at LendingTree. In fact, we obtained the full data set and found there to be no match when compared to our consumer database.” She added that notifications the company did send out were in response to a “code vulnerability” in LendingTree’s platform that exposed the sensitive information of more than 70,000 customers in February.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.