Malware

01 Feb

New Chromebook Exploit Allows Users to Unenroll Managed Devices

Attacks, Malware

As Sh1mmer requires a USB in order to function, it is unlikely that an attacker is going to add this exploit to their toolkit. However, it is possible that an attacker may socially engineer a user into performing this exploit on their own device. From an organizational standpoint, however, the biggest risk comes from users unenrolling their devices on their own to bypass security restrictions, which would then leave their device vulnerable to further compromise.…

Read More
01 Feb

Potential KeePass Flaw Discovered Allowing Plaintext Vault Export

Attacks, Malware

This “vulnerability” is controversial from the perspective of KeePass and other information security practitioners. Both parties point out that a user’s failure to secure write access to the KeePass configuration file isn’t an inherent vulnerability with KeePass itself. Furthermore, if a threat actor is able to access a properly protected configuration file, the potential to steal the contents of the victims KeePass vault is nearly endless. For example, a threat actor could replace the KeePass…

Read More
01 Feb

Hackers Use New IceBreaker Malware to Breach Gaming Companies

Attacks, Malware

At this time, not much is known about the IceBreaker group, but Security Joes decided to publish a report on their findings and share all captured IoCs (indicators of compromise) to help defenders detect and tackle this threat. The researchers have published a technical report describing the threat actor’s modus operandi and how their backdoor works. YARA rules have also been published to help organizations detect the malware. Additionally, Security Joes recommends companies suspecting a…

Read More
01 Feb

VMware Releases Security Update for VMware vRealize Operations

Attacks, Insights, Malware

Original release date: February 1, 2023 VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Feb

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

Data Breaches, Malware, Social Engineering

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.  While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% of granted permissions are not used, which leaves many opportunities for attackers who steal credentials, the report noted.  The data…

Read More
01 Feb

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

Data Breaches, Malware, Social Engineering

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that “threaten the public safety and national security, [and] wrongfully…

Read More
01 Feb

Why you might not be done with your January Microsoft security patches

Data Breaches, Malware, Social Engineering

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. BitLocker Security Feature Bypass Vulnerability In January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If…

Read More
31 Jan

United States No Fly List Shared on Hacking Forum

Attacks, Malware

This list has always been kept away from the public eye. Now that it has been posted publicly and released, the U.S. government and TSA have all began investigation into the leak and into the threat actor behind the leak. The threat actor took their attack one step further by claiming to have pivoted from the AWS server into gaining access to more critical systems that would allow them to delay or cancel flights. Air…

Read More
31 Jan

Copycat Group Mimicking LockBit in Northern Europe

Attacks, Malware

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.• Install updates/patch operating systems, software, and firmware as soon as possible.• Implement monitoring of security events on…

Read More
31 Jan

Exploit for VMware vRealize to be Released

Attacks, Malware

The VMware patch for vRealize is available now, and system administrators should update the software as soon as possible. Ensuring that vRealize is not exposed to the internet is also an important factor to consider. Below are the version details for the software patch: • VMware vRealize Log Insight◦ Fixed version: 8.10.2• VMware Cloud Foundation (VMware vRealize Log Insight)◦ Fixed Version: KB90668IOCs for potential exploitation of this vulnerability can be found here: https://www.horizon3.ai/vmware-vrealize-cve-2022-31706-iocs/ https://www.bleepingcomputer.com/news/security/researchers-to-release-vmware-vrealize-log-rce-exploit-patch-now/

Read More