
Latest Cybersecurity News 2021-08-16 Edition


Weekly CyberTip: Disable Unused Services

Many Windows-based cyber attacks exploit flaws in services running on a server or workstation computer. While patching is always recommended, it’s even safer to disable unused services on your systems. Aside from improving performance, having fewer services can reduce your exposure to vulnerabilities – both known and zero-day – on those systems.

“White Hat” hacker returns most of stolen Poly Network cryptocurrency

Just days after being victimized in one of the largest thefts in decentralized finance (DeFi) history, exchange platform Poly Network reports that almost all of the funds have been returned by the hacker. 

Poly Network provides interoperability services across blockchains including Bitcoin, Ethereum and Binance Smart Chain. The system is orchestrated by “smart contracts” that instruct different blockchains to release exchange assets to the various parties involved in a transaction. One of Poly Network’s smart contracts was used to manage higher-liquidity assets to facilitate swapping tokens between blockchains.

On August 10, Poly Network lost over $611 million (all figures USD) from its digital asset exchange when an unidentified hacker – now known only as “White Hat” – exploited “a vulnerability between contract calls,” according to multiple reports.  

In the initial incident, about $273 million was stolen from Ethereum, $85 million from Polygon Network, and $253 million from the Binance Smart Chain, all through Poly Network.

Shortly after news spread of the theft, the hacker began returning the assets, amid suggestions that the theft was committed only to prove a point about security weaknesses in the virtual currency system. In messages over the course of the week, the hacker claimed they had carried out the theft “for fun” and that it was “always the plan” to return the purloined virtual funds.

In a series of tweets Thursday, Poly Network suggested that the process for recovering the stolen assets was well underway, and that all assets except for $33M worth of USDT on Ethereum (currently blacklisted by centralized stablecoin provider Tether, but expected to be released shortly) had been returned.

Poly Network also tweeted that the vulnerability that was exploited has now been fixed, while asking for security community assistance in auditing their system’s core functionality.

The breach of confidence created by this incident will surely heighten current calls for regulation and oversight of the massive cryptocurrency market. While the majority of activities in the virtual currency world are legal, the crypto world remains a haven for criminal activity from ransomware collection to money laundering.


Two reports emphasize importance of cybersecurity training

Security analysts ESG & ISSA have released The Life and Times of Cybersecurity Professionals 2021 Volume V. Among their findings was that training and career advancement are among the top factors for job satisfaction among cybersecurity professionals. The report identifies Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, Certified Information Security Auditor (CISA), and Certified Ethical Hacker (CEH) as the most commonly chosen certifications among techs today.

The report goes on to state: “Based upon [survey] data, aspiring and advancing cybersecurity professionals should take a balanced approach to skills development… hands-on experience should be supplemented with the appropriate security certifications on an as-needed basis.”

Business and technology website ZDNet appears to agree. ZDNet recently published a list of recommended cybersecurity certifications, most matching those cited in the ESG & ISSA survey and report.

Both analyses are helpful resources for people interested in pursuing a career in cybersecurity, or for current professionals looking to deepen their understanding of particular subject areas.


Another day, another Windows print spooler vulnerability

Just a day after releasing patches that included bug fixes for the Windows print spooler, Microsoft has issued an advisory for yet another zero-day Windows print spooler vulnerability. Tracked as CVE-2021-36958, this latest addition to the PrintNightmare class of operating system bugs potentially allows local attackers to gain SYSTEM privileges on a host system.

This latest vulnerability uses the CopyFile registry directive to copy a DLL that launches a command prompt on the host system along with a print driver when you connect to a printer, giving a local attacker unauthorized access.

A patch is not yet available for this issue, but the workaround recommended by Microsoft is the same as issued for the various earlier PrintNightmare vulnerabilities: stop and disable the print spooler.
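The workaround above, and the CyberTip's advice to disable unused services, can be applied and verified from an elevated PowerShell session. This is an added example, not code from Microsoft or from the newsletter; `Disable-ServiceHardened` is a hypothetical helper name, and only built-in cmdlets are used inside it.

```powershell
#Requires -RunAsAdministrator
# Added example: stop a service, set it to Disabled, then verify the result.
# Disable-ServiceHardened is a hypothetical helper name, not a built-in cmdlet.
function Disable-ServiceHardened {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Name
    )
    foreach ($svcName in $Name) {
        $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
        if (-not $svc) {
            Write-Warning "Service '$svcName' not found on $env:COMPUTERNAME; skipping."
            continue
        }
        # List running services that depend on this one, so the impact is visible first.
        $dependents = $svc.DependentServices | Where-Object { $_.Status -eq 'Running' }
        if ($dependents) {
            Write-Warning ("Running services that depend on '{0}': {1}" -f $svcName, ($dependents.Name -join ', '))
        }
        # -WhatIf skips this block, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($svcName, 'Stop and disable service')) {
            if ($svc.Status -ne 'Stopped') {
                Stop-Service -Name $svcName -Force -ErrorAction Stop
            }
            Set-Service -Name $svcName -StartupType Disabled -ErrorAction Stop
        }
        # Re-read the state from WMI to confirm what is actually configured.
        $now = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'"
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Service   = $now.Name
            State     = $now.State
            StartMode = $now.StartMode
            Hardened  = ($now.State -eq 'Stopped' -and $now.StartMode -eq 'Disabled')
        }
    }
}

# Dry run first, then apply the print spooler workaround.
Disable-ServiceHardened -Name Spooler -WhatIf
Disable-ServiceHardened -Name Spooler
```

With the Spooler service stopped and disabled, the machine can no longer print locally or remotely, so check which hosts actually need printing before rolling this out.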
