Malware

As always, it is highly recommended to patch any appliances using vulnerable versions of software and to implement a plan for regular updates.In the event that applying the official patch is not immediately feasible, VMware has also released a temporary workaround: https://kb.vmware.com/s/article/89809 https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-cloud-foundation-remote-code-execution-bug/

The U.S. cybersecurity agency also strongly urged all organizations worldwide to prioritize patching these security bugs, even though BOD 22-01 only applies to U.S. FCEB agencies. Organizations are recommended to create a patch management policy to verify that all current systems are kept up to date. https://www.bleepingcomputer.com/news/security/cisco-warns-admins-to-patch-anyconnect-flaw-exploited-in-attacks/

Researchers at BlackBerry noted, “this campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors” and it highlights the difficulty of attribution in many campaigns. In the past, the activities of the two groups of threat actors had been largely independent, with targeted attack threat actors relying on custom tooling while cybercrime-motivated threat actors would typically rely on traditional tooling. However, as time goes on and traditional…

Since both vulnerabilities were addressed in this month’s Patch Tuesday, companies should look to patching all their Windows devices as soon as their patch management procedure allows. Additionally, it can be a good idea to implement file system and service monitoring on workstations and servers. Tools such as osquery can do this; in general, such tools can empower Administrators to more effectively understand the activity occurring on the systems for which they are responsible. https://thehackernews.com/2022/10/researchers-detail-windows-event-log.html

While this campaign targets free services, Binary Defense researchers have observed an uptick in the number of compromises of cloud services like AWS or Azure to mine cryptocurrency. These attacks are effectively theft and can leave organizations with a large bill.For example, a developer in Seattle incurred a bill for over $53,000 which was normally a $100-$150 per month. In another case, a California College student was sent a bill for $55,000.It is highly recommended…

Ensuring that systems are up to date and stay up to date is a key component of staying protected from cyber threats. When notices such as end of support are released, it is important that anyone running affected systems ensure that they are aware of the timeframe they face and begin the proper steps in upgrading affected systems to newer versions. Anyone that keeps running outdated and unsupported versions maintains a higher risk for becoming…