Cyber Security Today, Feb. 17, 2023 – A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more


A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more.

Welcome to Cyber Security Today. It’s Friday, February 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


An attacker created and tried to use a fake code-signing certificate from security company Emsisoft to install a tool for hacking into a customer’s computer. If successful the tool would have been detected by the Emsisoft application — but registered as a false positive. Emsisoft said this week the attempt was blocked by its product. However, application developers should use this incident as a reminder to watch for someone trying to compromise their digital certificate infrastructure. IT and security administrators need to limit the number of approved applications that can be downloaded by staff and run in their environments. And they need to ensure that applications flagged for being signed with suspicious digital certificates are quarantined. The tool the attacker tried to leverage with the phony-named certificate was MeshCentral, an open-source remote access application. That can be OK if approved, but in the hands of an attacker it will be used for network compromise. Emsisoft also notes that if an attacker gains a foothold on the network, one of the first things they want to do is disable antivirus, antimalware and other defensive applications. That’s why it’s important that endpoint products can only be disabled by an administrator whose access is protected with multifactor authentication.

There’s evidence that the ransomware exploitation of unpatched VMware hypervisor servers continues. Researchers at Censys this week have seen 500 more servers on the internet that appear to have been infected with what is called the ESXiArgs ransomware. Most of these recent infections are on hosts in France, Germany, the Netherlands and the U.K. Hundreds of others were seen earlier in Canada and the U.S. IT departments running out-of-date and unsupported versions of ESXi are at the greatest risk.

Splunk has issued a number of patches for the Enterprise version of its security event management platform as part of its quarterly updates. Administrators should review these updates and install them as soon as possible. Also this week, Citrix issued a number of patches for severe vulnerabilities in several products. These include Citrix Virtual Apps and Desktops, and Workspace for Windows and Linux. Because of the sensitivity of Citrix products, these patches should be installed as soon as possible.

Tile, which makes a little Bluetooth tracker for finding lost keys, wallets, purses, luggage and other things, has added an anti-theft mode to its devices. That way, the company says, crooks or stalkers can’t use a scan mode to find nearby Tile-enabled devices. Anti-theft mode makes it easier to recover stolen valuables by making it harder for thieves to know an item is being tracked by the owner.

I regularly report on business email compromise scams. These are attempts by email, text or voice to impersonate an executive to trick an employee into sending money in some way to a crook. A common tactic is claiming funds have to be sent to a new customer to nail down a partnership. The scams I report on are perpetrated in English-speaking countries. But a new report from Abnormal Intelligence is a reminder that these scams have been found in 13 languages including French, German, Italian, Spanish and others. So if you’re listening outside Canada, the U.S. and the U.K. your company is just as likely to get one of these messages. In whatever country you are in, be careful with messages from executives who ask you to do something involving money transfers or buying gift cards, especially if they say it has to be done fast.

Truck manufacturing and transportation companies need people with cybersecurity experience to protect the GPS and wireless diagnostic devices in heavy vehicles. One way the industry finds people interested in cybersecurity is through the annual CyberTruck challenge. It’s a five-day event for Canadian and American university students interested in heavy vehicle cybersecurity issues. Registration is now open for this year’s event during the week of June 12th in Warren, Michigan. All student expenses are covered including travel, accommodation and meals. There’s a link to the application here.

That’s it for now. But later today the Week in Review will be available. Guest commentator David Shipley and I will discuss cybersecurity and hospitals, as well as why executives and IT security don’t communicate well.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 17, 2023 – A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more first appeared on IT World Canada.

Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
