Malware

02 Feb

Remote code execution exploit chain available for VMware vRealize Log Insight

Data Breaches, Malware, Social Engineering

VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow. “Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that…

Read More
02 Feb

New HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero

Attacks, Malware

Since Redis was designed to be accessed from within trusted environments by trusted clients, it is generally not recommended to expose any servers to the Internet. Since Redis does not use authentication by default, exposing a server to the Internet would allow anyone to freely access it and use it for any purpose they desire. Since version 3.2.0, Redis will, by default, enter a protected mode if it is configured as bound to all interfaces…

Read More
02 Feb

New Nevada Ransomware Targets Windows and VMware ESXi Systems

Attacks, Malware

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as possible• Implement monitoring of security events…

Read More
02 Feb

Cisco Devices Left Vulnerable After Bugs are Discovered

Attacks, Malware

Exploiting these bugs would require a threat actor to obtain admin-level access on the local device. However, given that many deployments are likely not to change the default device passwords, threat actors may not have much difficulty obtaining those admin credentials. Researchers at Trellix have advised those using the Cisco products to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don’t run containers disable the IOx container framework…

Read More
02 Feb

Cisco Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Original release date: February 2, 2023 Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

Attacks, Insights, Malware

Original release date: February 2, 2023 Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

NTT, Palo Alto partner for managed SASE with AIOps

Data Breaches, Malware, Social Engineering

A new offering from IT services provider NTT combines Palo Alto Networks’ Prisma SASE offering with NTT’s managed network services and AIOps infrastructure. SASE – secure access service edge – has been gaining interest for its potential to reduce networking complexity while improving security. It combines SD-WAN with security services, including secure web access gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall-as-a-service (FWaaS), in a single, cloud-delivered service model. Increasingly, companies looking…

Read More
02 Feb

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Data Breaches, Malware, Social Engineering

Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That’s according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a…

Read More
02 Feb

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Data Breaches, Malware, Social Engineering

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that…

Read More
01 Feb

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

Data Breaches, Malware, Social Engineering

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or…

Read More