Cyber Security Today, June 24, 2022 – Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam


Unpatched VMware applications are still being exploited, ransomware used as a decoy, and a COVID text scam. Welcome to Cyber Security Today. It’s Friday, June 24th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It’s hard to believe with all of the news stories earlier this year, but threat actors continue to exploit an unpatched Log4Shell vulnerability in VMware Horizon and Unified Access Gateway servers. That’s according to the U.S. Cybersecurity and Infrastructure Security Agency. Alerts about this vulnerability started circulating last December. But some IT administrators still aren’t getting the message. If your organization hasn’t paid attention to this yet, assume your Horizon or UAG installation has been compromised. Start threat hunting. The CISA report includes recommendations on what to look for. There’s a link to the report in the text version of this podcast. Log4Shell is a remote code execution vulnerability that affects products using Apache’s Log4j2 logging library. After exploiting a hole in Horizon or UAG, an attacker will upload malware to spread across the IT environment.

Threat actors often use denial of service attacks to distract IT from a data theft going on elsewhere in the organization. According to researchers at Secureworks, one Chinese-based attacker may be using ransomware the same way. The ransomware used by the gang dubbed Bronze Starlight only has a short lifespan, the report says. That suggests the gang’s goal is data theft or espionage. If so, the deployment of ransomware may be to distract incident responders from what’s really going on. One clue of this gang’s presence is the use of a custom DLL loader called HUI Loader for uploading remote access trojans and Cobalt Strike beacons to compromised computers and servers. That leads to the uploading of ransomware. Note that this gang initially compromises networks by exploiting known vulnerabilities in devices. Patches are usually available that could have prevented the attack from starting.

Crooks continue to use fears about COVID-19 to spread scams. One of the latest tricks is happening in the United Kingdom, where people are getting text messages that pretend to come from the National Health Service, or NHS. The message says they’ve been in close contact with someone who has the virus. They are told to order a free testing kit by clicking on the included link. Victims who click go to a website that looks like an NHS site, where all they have to spend is a small amount for postage for the kit, plus fill in personal information and a credit card number. A variant on the scheme asks victims to click on a link to book a free COVID test, again with the goal of getting victims’ personal information. This type of scam can be tried in any country. One reason crooks like text message scams is that it’s hard for victims to check website addresses on a smartphone’s small screen. That’s why people have to think carefully before clicking on links in text messages.

Finally, Google has released security updates for Chrome. If you use this browser, make sure it’s the latest version.

Remember, later today the Week in Review edition will be out, with guest commentator Terry Cutler of Montreal’s Cyology Labs. We’ll talk about Cloudflare’s outage this week and a U.S. bank’s failure to detect a data breach after discovering a separate ransomware attack.

Links to details about podcast stories are in the text version at ITWorldCanada.com.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, June 24, 2022 – Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
