
ZDNET’s takeaways: Anker’s new AI voice recorder is about the size of a quarter. The device can summarize and transcribe meetings automatically. It will cost $100 plus an optional monthly subscription.
Anker wants to make recording your meetings simpler than ever. The company announced […]


Written by Chris Duckett, APAC Editor
Cisco has released patches for a trio of bugs in its Enterprise NFV Infrastructure Software that could result in escaping from virtual machines, running commands as root, and leaking system data.
Leading the way with a CVSS score of 9.9 is CVE-2022-20777, a bug in the next generation input/output feature that allowed an authenticated remote attacker to jump out of the guest VM and run commands as root on the host machine via an API call. Cisco points out that such access could compromise the host completely.
For unauthenticated remote attackers, CVE-2022-20779, with a CVSS score of 8.8, allows root commands to be run if an administrator can be convinced to install a VM image with crafted metadata that will execute the commands when the VM is registered.
Rounding out the trio is CVE-2022-20780, a vulnerability with a CVSS score of 7.4 that exists in an XML parser and could leak system data.
“An attacker could exploit this vulnerability by persuading an administrator to import a crafted file that will read data from the host and write it to any configured VM,” Cisco said.
“A successful exploit could allow the attacker to access system information from the host, such as files containing user data, on any configured VM.”
Cisco has been under the pump on the security front in the past month, with 64 vulnerabilities either appearing or being updated since April 13.
Of that number, a vulnerability in the Cisco Wireless LAN Controller received the maximum CVSS score of 10 because an attacker could bypass password validation.
“An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials,” the company said.
“A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials.”
To be vulnerable, devices needed to have the MAC filter RADIUS compatibility option set to other.
At the same time, Cisco said it had conducted tests with customers on predictive models related to network issues.
“Cisco predictive networks work by gathering data from a myriad of telemetry sources. Once integrated, it learns the patterns using a variety of models and begins to predict user experience issues, providing problem solving options,” the company said.
“Customers can decide how far and wide they want to connect the engine throughout the network, giving them flexible options to expand as they need.”
The news on COVID-19 is changing daily. More and more people worldwide are on lockdown, hoping against hope that they and their loved ones can survive this pandemic. Obviously, many people are freaked out. But many folks are going about their days doing their best to cope in the face of this unprecedented threat seemingly […]

The US Federal Bureau of Investigation sent an alert on Thursday warning US companies about backdoor malware that is silently being installed on the networks of foreign companies operating in China via government-mandated tax software.
The backdoors allow threat actors to execute unauthorized code, infiltrate networks, and steal proprietary data from branches operating in China.
Making matters worse, the FBI says that all foreign companies are required by local Chinese laws to install this particular piece of software in order to handle value-added tax (VAT) payments to the Chinese tax authority.
FBI officials said the backdoor malware was spotted in the VAT software of two Chinese tech companies — namely Baiwang and Aisino.
Unfortunately, these are the only government-authorized tax software service providers allowed to operate VAT software in China, officials said, suggesting that any foreign company operating in China was most likely affected by this issue.
FBI alert linked to GoldenHelper and GoldenSpy reports
The FBI alert also listed two separate incidents where the infected companies discovered the malware’s presence on their networks.
“In July 2018, an employee of a US pharmaceutical company with business interests in China downloaded the Baiwang Tax Control Invoicing software program from baiwang.com. Since at least March 2019, Baiwang released software updates which installed a driver automatically along with the main tax program. In April 2019, employees of the pharmaceutical company discovered that the software contained malware that created a backdoor on the company’s network,” the FBI said, describing what security firm Trustwave later identified as the GoldenHelper malware.
“In June 2020, a private cybersecurity firm reported that Intelligence Tax, a tax software from Aisino Corporation that is required by a Chinese bank under the same VAT system, likely contained malware that installed a hidden backdoor to the networks of organizations using the tax software,” the FBI also said — describing what Trustwave identified as the GoldenSpy backdoor, believed to be a second and improved iteration of the original GoldenHelper malware.
The FBI warns US companies that the backdoor malware installed on their systems has dangerous capabilities that may allow “cyber actors to preposition to conduct remote code execution and exfiltration activities on the victim’s network.”
FBI officials said they believed US companies in the healthcare, chemical, and finance sectors operating in China are in particular danger, based on China’s historical interest in these sectors.
Currently, the FBI Flash Alert AC-000129-TT is being distributed to companies in the aforementioned sectors so they can investigate further.
Indicators of compromise, such as malware file hashes and network communication URLs, that may help companies identify the presence of either of the two backdoor versions are available in Trustwave’s GoldenHelper and GoldenSpy reports.
While the FBI alert didn’t point the finger at the Chinese government directly, the alert said that both Baiwang and Aisino operate their VAT software under the management and oversight of NISEC (National Information Security Engineering Center), a state-owned private enterprise, with “foundational links” to China’s People’s Liberation Army, pointing to a well-orchestrated nation-state intelligence gathering operation.




