Jan 19, 2024: Firmware flaws, Docker alert, and cyber warnings galore

January 19, 2024

Bullet Points:

  • Nine vulnerabilities found in server firmware
  • Graphics processors have a memory leak vulnerability
  • Malware targeting vulnerable Docker services
  • Ability to fight Androxgh0st malware
  • Financial services sector facing phishing attacks
  • Iranian-based threat group targeting Middle Eastern experts

Nine vulnerabilities have been found in an open-source reference implementation of a protocol that allows enterprise computers and data centre servers to boot across a network. Researchers at Quarkslab say the problems are in the TCP/IP stack specification maintained by Tianocore, a community of developers from software vendors including Microsoft, ARM, American Megatrends, Phoenix Technologies and others that use the project for their firmware implementations.

Separately, the Carnegie CERT issued a warning that general-purpose graphics processors from AMD, Apple and Qualcomm have a memory leak vulnerability. IT managers should watch for security updates from their hardware makers.

Researchers at Cado Security have warned Docker administrators to make sure their containers are secure following the discovery of malware hunting for vulnerable Docker services. The malware installs a cryptominer and a threat application called 9hits in compromised containers. The method by which the malware is spread is not currently known.

American cybersecurity authorities have issued an advisory to help defenders fight the Androxgh0st malware that is being used to create a botnet. Its objectives include stealing login credentials and compromising websites.

Research from Abnormal Security has highlighted that attacks on the financial sector have increased in recent years. It is suggested that IT departments try to mitigate the risk of phishing attacks by implementing appropriate defences.

The Iranian-based threat group Mint Sandstorm has been targeting Middle Eastern affairs experts, according to Microsoft. The group is using phishing lures to trick its targets and gain access to their computers via a backdoor.

For a more comprehensive roundup of all the latest cybersecurity threats and developments, listen to the Week in Review podcast.
