Cyber Security Today, June 24, 2022 – Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam | IT World Canada News
Unpatched VMware applications are still being exploited, ransomware used as a decoy, and a COVID text scam.
Welcome to Cyber Security Today. It’s Friday, June 24th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It’s hard to believe with all the news stories earlier this year, but threat actors continue to exploit an unpatched Log4Shell vulnerability in VMware Horizon and Unified Access Gateway servers. That’s according to the U.S. Cybersecurity and Infrastructure Security Agency. Alerts about this vulnerability began circulating last December. But some IT administrators still aren’t getting the message. If your organization hasn’t paid attention to this yet, assume your Horizon or UAG installation has been compromised. Start threat hunting. The CISA report includes tips on what to look for. There’s a link to the report in the text version of this podcast. Log4Shell is a remote code execution vulnerability that affects products using Apache’s Log4j2 logging library. After exploiting a hole in Horizon or UAG an attacker will add malware to spread across the IT environment.
Threat actors typically use denial of service attacks to distract IT from a data theft occurring elsewhere in the organization. According to researchers at Secureworks, one Chinese-based attacker may be using ransomware the same way. The ransomware used by the gang dubbed Bronze Starlight only has a short lifespan, the report says. That suggests the gang’s goal is data theft or espionage. If so the deployment of ransomware may be to distract incident responders from what’s really happening. One clue of this gang’s presence is the use of a custom DLL loader called HUI Loader for uploading remote access trojans and Cobalt Strike beacons to compromised computers and servers. That leads to the uploading of ransomware. Note that this gang initially compromises networks by exploiting known vulnerabilities in devices. Patches are often available that could have prevented the attack from starting.
Crooks continue to use fears about COVID-19 to spread scams. One of the latest tricks is happening in the United Kingdom, where people are getting text messages that pretend to come from the National Health Service, or NHS. The message says they’ve been in close contact with someone who has the virus. They are told to order a free testing kit by clicking on the included link. Victims who click go to a website that looks like an NHS site, where all they have to spend is a small amount for postage for the kit — plus fill in personal information and a credit card number. A variant on the scheme asks victims to click on a link to book a free COVID test, again with the goal of getting victims’ personal information. This type of scam can be tried in any country. One reason crooks like text message scams is it’s hard for victims to check website addresses on a smartphone’s small screen. That’s why people have to think carefully before clicking on links in text messages.
Finally, Google has released security updates for Chrome. If you use this browser make sure it’s the latest version.
Remember later today the Week in Review edition will be out, with guest commentator Terry Cutler of Montreal’s Cyology Labs. We’ll talk about Cloudflare’s outage this week and a U.S. bank’s failure to detect a data breach after discovering a separate ransomware attack.
Links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.