Attacks

As Sh1mmer requires a USB in order to function, it is unlikely that an attacker is going to add this exploit to their toolkit. However, it is possible that an attacker may socially engineer a user into performing this exploit on their own device. From an organizational standpoint, however, the biggest risk comes from users unenrolling their devices on their own to bypass security restrictions, which would then leave their device vulnerable to further compromise.…

This “vulnerability” is controversial from the perspective of KeePass and other information security practitioners. Both parties point out that a user’s failure to secure write access to the KeePass configuration file isn’t an inherent vulnerability with KeePass itself. Furthermore, if a threat actor is able to access a properly protected configuration file, the potential to steal the contents of the victims KeePass vault is nearly endless. For example, a threat actor could replace the KeePass…

At this time, not much is known about the IceBreaker group, but Security Joes decided to publish a report on their findings and share all captured IoCs (indicators of compromise) to help defenders detect and tackle this threat. The researchers have published a technical report describing the threat actor’s modus operandi and how their backdoor works. YARA rules have also been published to help organizations detect the malware. Additionally, Security Joes recommends companies suspecting a…

This list has always been kept away from the public eye. Now that it has been posted publicly and released, the U.S. government and TSA have all began investigation into the leak and into the threat actor behind the leak. The threat actor took their attack one step further by claiming to have pivoted from the AWS server into gaining access to more critical systems that would allow them to delay or cancel flights. Air…

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.• Install updates/patch operating systems, software, and firmware as soon as possible.• Implement monitoring of security events on…

The VMware patch for vRealize is available now, and system administrators should update the software as soon as possible. Ensuring that vRealize is not exposed to the internet is also an important factor to consider. Below are the version details for the software patch: • VMware vRealize Log Insight◦ Fixed version: 8.10.2• VMware Cloud Foundation (VMware vRealize Log Insight)◦ Fixed Version: KB90668IOCs for potential exploitation of this vulnerability can be found here: https://www.horizon3.ai/vmware-vrealize-cve-2022-31706-iocs/ https://www.bleepingcomputer.com/news/security/researchers-to-release-vmware-vrealize-log-rce-exploit-patch-now/