Plus, an attacker borrows money to steal money, and Lenovo laptops patch firmware flaw.
Researchers analyzing anomalies in network traffic coming from a hospital elevator followed the trail to an unsecure TUG Home Base server, which is used to monitor and manage the Aethon TUG robots used by the hospital. The researchers found five separate security issues and attack vectors in the server and dubbed them JekyllBot:5. The issues included three exposed communication interfaces, one exposed web-based API, and one exposed WebSocket interface. If hackers were to exploit these vulnerabilities, they could assume full control of the robots, which are deployed to haul food, medication, lab specimens, and other supplies across facilities. “Health care organizations, and in particular hospitals, have been one of the preferred victims of ransomware attacks during the last few years,” commented Avast Security Evangelist Luis Corrons. “One of the reasons for this is that they use a lot of different equipment which makes the attack surface much larger than in other sectors. These new vulnerabilities show, in fact, that there is a need for more security audits to close up these holes that make hospitals vulnerable to cyberattacks.” For more on this story, see CSO Online.
Video conference app mute buttons may not really be muting
A new study conducted by researchers at University of Wisconsin-Madison and Loyola University in Chicago found that the mute button on popular video conferencing apps (VCAs) does not prevent audio from being transmitted to the apps’ servers. Apps tested include Zoom, Slack, MS Teams/Skype, Google Meet, Cisco Webex, and Discord. All apps continued to occasionally collect audio data, no matter the mute button status, except for those web clients that used the browser’s software mute feature. Zoom was found to actively track if the user is talking even while they are in mute mode. For more on this story, see Bleeping Computer.
Attacker uses flash loan to steal $182 million
Earlier this week, a decentralized finance project called Beanstalk Farms, which puts out the cryptocurrency token known as the “Bean,” was targeted by an attacker who drained the project of $182 million in less than 13 seconds. The attacker first took out a flash loan from another entity, then used the money to buy 67% governance in Beanstalk Farms. Then, possessing the majority share, the attacker was able to approve a transfer of $182 million in cryptocurrency to their own wallet. Experts believe that after paying back the flash loan, the attacker walked away with around $80 million in profit. For more, see The Verge.
Over 100 Lenovo models vulnerable to malicious firmware
Lenovo has released patches for over 100 laptop models to fix three critical vulnerabilities that would make it possible for hackers to install malicious firmware. The flaws give hackers the ability to modify a computer’s Unified Extensible Firmware Interface (UEFI), software that resides in a flash chip on the motherboard and acts as a bridge between the firmware and the operating system. To execute the steps necessary to exploit these vulnerabilities, however, attackers need to have local access to the laptops. About one million laptops are at risk. To learn more, see Ars Technica.
2021 was record high for zero-day exploits
According to Google Project Zero, 2021 was a record-breaking year for zero-day exploits. Researchers in the group say they tracked 58 cases of zero-day exploits in the wild through the year. The previous maximum had been 28, which was from 2015. According to one researcher, the increased number is likely due to the increased detection and disclosure of zero-day exploits, rather than the increased usage of them. Zero-day exploits are instances where attackers target a newly discovered vulnerability that the developers have had zero days to patch. See Cyberscoop for more.
This week’s must-read on the Avast blog
Tech support scammers specifically target older people because they believe them to be more trusting, hope they might have memory problems, and they tend to be more financially secure than younger people. Here's what you and your older loved ones should know to stay safe.