Cyber Security Today, May 14, 2021 – Beware of fileless malware, a Wi-Fi warning and more


Welcome to Cyber Security Today. It’s Friday, May 14. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.


 

Attackers always look for ways to evade detection of their malware. They are increasingly turning to what are called fileless methods. It’s done by having the malware execute in a computer’s memory. That avoids files that can be spotted by antivirus systems. The latest example has been discovered by a security company called Anomali. It says a threat group is using a free Microsoft software development application called MSBuild to plant a remote access tool on a victim system. Then it installs malware that steals passwords. It isn’t known yet how systems were initially compromised, but typically it gets done by tricking a person into using a legitimate-looking but hacked application. Information security professionals are warned to educate employees about proper cybersecurity procedures when handling emails with attachments and about not downloading unapproved software.

Wi-Fi has been in use since 1997. That’s also how long several design flaws have been sitting in routers, smartphones and other devices, according to a researcher. He dubbed them ‘FragAttack.’ If an adversary is near a victim using Wi-Fi, they could steal data or attack the victim’s device. Fortunately, the flaws are hard to abuse unless there have been programming mistakes in Wi-Fi products. Thanks to the researcher’s tip, in the past few months security updates have been quietly added to products, including Windows. Most mobile devices like smartphones and tablets would be patched through their operating systems. Patches for Linux will be available soon. Those worried should take the usual precautions for Wi-Fi: Only turn it on when needed, and don’t use Wi-Fi for sensitive things like connecting to email, your company’s systems or a bank in public places like hotels, convention centres, airports, restaurants and malls.

I mentioned in Monday’s podcast that a phishing scam partly relied on the Zix secure messaging service to fool victims. Zix issued a statement emphasizing the phishing campaign didn’t start from its service. Instead, it starts from a compromised company’s email account. Only a small portion of the phishing messages were sent to Zix customers from that account.

Finally, a few podcasts ago I told you about a compromise at a software code testing company called Codecov. The part of its service that allows users to upload their code to the service was altered, allowing the attacker to see details and possibly pull out passwords of customers. This week a security company and Codecov user called Rapid7 acknowledged it had been victimized by this hack. A small part of its source code was copied. In addition, some customers were warned to take steps in case they were affected. Other victim firms publicly identified so far are Twilio and HashiCorp. Codecov users should follow the company’s security instructions.

That’s it for now. Remember, later today the Week in Review edition will be available. Guest Dinah Davis of Arctic Wolf and I will talk about the fallout of the Colonial Pipeline ransomware attack. Listen on your way home, or on the weekend.

Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other cybersecurity stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

 

Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
