CyberSecure Specialist

07 Feb

CISA Releases ESXiArgs Ransomware Recovery Script

Attacks, Insights, Malware

Original release date: February 7, 2023 CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment. Organizations can access the recovery…

Read More
07 Feb

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Information, Insights

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media…

Read More
07 Feb

Online safety laws: What’s in store for children’s digital playgrounds?

Information

As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm Tomorrow is Safer Internet Day (SID), an annual awareness campaign that started in Europe in 2004 and that aims to highlight the need for people to enjoy the benefits of the internet while mitigating their exposure to online risks. Now in its 20th edition, SID has evolved into a landmark…

Read More
07 Feb

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

Information

by Paul Ducklin Cybersecurity news, in Europe at least, is currently dominated by stories about “VMWare ESXi ransomware” that is doing the rounds, literally and (in a cryptographic sense at least) figuratively. CERT-FR, the French government’s computer emergency response team, kicked off what quickly turned into a mini-panic at the tail end of last week, with a bulletin entitled simply: Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (Cyberattack exploiting a VMWare ESXi vulnerability). Although the…

Read More
07 Feb

VMware ESXi Servers Targeted by Linux Variant of Royal Ransomware

Attacks, Malware

Hypervisors like ESXi continue to become more ubiquitous due to the power and convenience of managing virtual machines rather than physical ones. Unfortunately, that power and convenience also attract threat actors. The compromise of a hypervisor also implies the compromise of every virtual machine housed within. In a single stroke, dozens to hundreds of critical virtual machines could be encrypted and held for ransom. ESXi servers are particularly vulnerable, inciting the recent trend of ransomware…

Read More
07 Feb

GoAnywhere MFT Zero-Day Exploit Proof-of-Concept Released

Attacks, Malware

Any users of GoAnywhere MFT should assume compromise, and remove public-facing internet access to the tool and rotate the master encryption key and any passwords used for access. The security bulletin released by the developer includes a stacktrace that administrators can look for in the logs to determine if the exploit was uses against the system. Additionally, administrators should deploy the security patch as soon as change management allows. Companies should endeavor to always bring…

Read More
07 Feb

Clop Ransomware Targeting Linux Systems

Attacks, Malware

Ransomware groups are always working to find new targets and develop new strains of ransomware that will increase their target lists and maximize their profits. With lots of companies moving to cloud-based computing, most of it being run on Linux, this shift from Clop is not unexpected. A number of ransomware operations are now targeting vulnerable VMWare ESXi servers, thousands of which have recently transitioned to end-of-life status and are no longer receiving official security…

Read More
07 Feb

Software Supply Chain Security Firm Lineaje Raises $7 Million

Information, News

Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of whether they are the developers, suppliers, or users of software. Lineaje’s SB0M360 software supply chain management solution can identify all…

Read More
07 Feb

What CISOs need to know about the renewal of FISA Section 702

Data Breaches, Malware, Social Engineering

In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 specifically addresses how the US government can conduct targeted surveillance of foreign persons located outside the US, with the compelled…

Read More
07 Feb

MKS Instruments falls victim to ransomware attack

Data Breaches, Malware, Social Engineering

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Security and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time…

Read More