News
Hi friends,
Here's this week's attempt to keep up with security news! :-) Enjoy the read and have a good end of the week!
Cheers,
Ransomware gang encrypted files from a webcam to bypass EDR
Interesting write-up of a ransomware attack that initially failed because the company's EDR solution detected and blocked the encryption malware on their Windows machines. The attackers then pivoted to a vulnerable webcam, which ran Linux and had no EDR agent, mounted the company's file shares over SMB from the camera and encrypted the files from there. Not something you see every day, and a good reminder that an EDR deployment only protects the hosts it is actually installed on; the unmanaged devices on the network can still reach the same shares.
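One way to catch this kind of pivot on the defensive side is to compare file-share activity against the inventory of hosts that actually run the EDR agent, and to look for the write-then-delete pattern that encrypt-and-replace leaves behind. The script below is an added example written for this newsletter, not code from the write-up or from any vendor; the audit-log format, the IP addresses and the "EDR-managed" inventory are all constructed for the illustration.

```python
"""Flag SMB share activity that comes from hosts outside the EDR-managed inventory.

Added example: the log format, hosts and addresses below are constructed, not
taken from the incident described in the newsletter.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed inventory of hosts that have the EDR agent installed (assumption).
EDR_MANAGED = {"10.0.1.10", "10.0.1.11", "10.0.1.12"}

# Constructed file-server audit lines: "<time> <client_ip> <op> <share> <path>".
# 10.0.5.23 stands in for an unmanaged device (the camera in the write-up).
SAMPLE_LOG = """\
2025-03-07T09:00:01 10.0.1.10 READ   finance budget.xlsx
2025-03-07T09:00:02 10.0.1.11 WRITE  finance q1.docx
2025-03-07T09:01:00 10.0.5.23 READ   finance budget.xlsx
2025-03-07T09:01:01 10.0.5.23 WRITE  finance budget.xlsx.locked
2025-03-07T09:01:02 10.0.5.23 DELETE finance budget.xlsx
2025-03-07T09:01:03 10.0.5.23 WRITE  finance q1.docx.locked
2025-03-07T09:01:04 10.0.5.23 DELETE finance q1.docx
"""


@dataclass
class Finding:
    client: str
    reason: str
    ops: int


def parse_log(text):
    """Parse audit lines into (timestamp, client, op, share, path) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue  # skip malformed lines rather than crashing the detector
        ts, client, op, share, path = parts
        events.append((ts, client, op.upper(), share, path.strip()))
    return events


def unmanaged_share_activity(events, managed, write_threshold=3):
    """Report clients that are not in the managed inventory but touch shares.

    Any unmanaged client is worth a look; one that is modifying or deleting
    files at volume is escalated, since that is what the encryption step looks
    like from the file server's point of view.
    """
    per_client = defaultdict(Counter)
    for _, client, op, _, _ in events:
        per_client[client][op] += 1

    findings = []
    for client, ops in per_client.items():
        if client in managed:
            continue
        mutating = ops["WRITE"] + ops["DELETE"] + ops["RENAME"]
        if mutating >= write_threshold:
            findings.append(Finding(client, "unmanaged host modifying share files", mutating))
        else:
            findings.append(Finding(client, "unmanaged host accessing share", sum(ops.values())))
    return findings


def encrypt_replace_pairs(events):
    """Return (client, original_path) pairs where a client wrote a file whose
    name extends an existing file's name and then deleted the original."""
    written = defaultdict(set)
    pairs = []
    for _, client, op, share, path in events:
        key = (client, share)
        if op == "WRITE":
            written[key].add(path)
        elif op == "DELETE" and any(w.startswith(path + ".") for w in written[key]):
            pairs.append((client, path))
    return pairs


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in unmanaged_share_activity(evs, EDR_MANAGED):
        print(f"{f.client}: {f.reason} ({f.ops} ops)")
    for client, original in encrypt_replace_pairs(evs):
        print(f"{client}: {original} replaced by a renamed copy and deleted")
```

The inventory check is the important half: it surfaces the camera the moment it opens a share, before any encryption pattern is visible. The write-then-delete heuristic is deliberately loose (it will also fire on a legitimate "save as .bak then remove" workflow), so it is best used to rank the unmanaged-host findings rather than as an alert on its own.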
Related, here are two other "mind your cameras" articles from last week; it seemed to be a theme:
Undocumented commands found in ESP32 chip used by a billion devices
This made some headlines this week, but doesn't seem to be as bad as you'd think. It's about how the ubiquitous ESP32 microchip, made by Chinese manufacturer Espressif and used in over 1 billion IoT devices, contains undocumented commands that could be leveraged for attacks. Not remote attacks, though: they are ways to maintain a presence on a device once you have already compromised it. Good Hacker News thread on this here.
Developer guilty of using kill switch to sabotage employer's systems
A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company.
Critical PHP RCE vulnerability mass exploited in new attacks
For those running PHP on Windows, this is worth double-checking your patch cycle for. It affects Windows PHP installations with PHP running in CGI mode, and successful exploitation lets unauthenticated attackers execute arbitrary code.
Chinese cyberspies backdoor Juniper routers for stealthy access
Good cautionary tale against running end-of-life network equipment.
Quick links
- Texas border city declares state of emergency after cyberattack on government systems: link.
- US govt says Americans lost record $12.5 billion to fraud in 2024: link.
- Google paid $12 million in bug bounties last year to security researchers: link.
- Trump nominates Plankey to lead CISA: link.
- New Chirp tool uses audio tones to transfer data between devices: link.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords: it also holds your SSH keys, signs your Git commits, injects tokens and other secrets into CLI scripts when you want, and much more. (Sponsored)