Cyber Security Today, Feb. 17, 2023 – A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more


Welcome to Cyber Security Today. It’s Friday, February 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


An attacker created and tried to use a fake code-signing certificate from security company Emsisoft to install a tool for hacking into a customer’s computer. If successful the tool would have been detected by the Emsisoft application — but registered as a false positive. Emsisoft said this week the attempt was blocked by its product. However, application developers should use this incident as a reminder to watch for someone trying to compromise their digital certificate infrastructure. IT and security administrators need to limit the number of approved applications that can be downloaded by staff and run in their environments. And they need to ensure that applications flagged for being signed with suspicious digital certificates are quarantined. The tool the attacker tried to leverage with the phony-named certificate was MeshCentral, an open-source remote access application. That can be OK if approved, but in the hands of an attacker it will be used for network compromise. Emsisoft also notes that if an attacker gains a foothold on the network, one of the first things they want to do is disable antivirus, antimalware and other defensive applications. That’s why it’s important that endpoint products can only be disabled by an administrator whose access is protected with multifactor authentication.

There’s evidence that the ransomware exploitation of unpatched VMware hypervisor servers continues. Researchers at Censys this week have seen 500 more servers on the internet that appear to have been infected with what is called the ESXiArgs ransomware. Most of these recent infections are on hosts in France, Germany, the Netherlands and the U.K. Hundreds of others were seen earlier in Canada and the U.S. IT departments running out-of-date and unsupported versions of ESXi are at the greatest risk.

Splunk has issued a number of patches for the Enterprise version of its security event management platform as part of its quarterly updates. Administrators should review these updates and install them as soon as possible. Also this week, Citrix issued a number of patches for severe vulnerabilities in several products. These include Citrix Virtual Apps and Desktops, and Workspace for Windows and Linux. Because of the sensitivity of Citrix these should be installed as soon as possible.

Tile, which makes a little Bluetooth tracker for finding lost keys, wallets, purses, luggage and other things, has added an anti-theft mode to its devices. That way, the company says, crooks or stalkers can’t use a scan mode to find nearby Tile-enabled devices. Anti-theft mode makes it easier to recover stolen valuables by making it harder for thieves to know an item is being tracked by the owner.

I regularly report on business email compromise scams. These are attempts by email, text or voice to impersonate an executive to trick an employee into sending money in some way to a crook. A common tactic is claiming funds have to be sent to a new customer to nail down a partnership. The scams I report on are perpetrated in English-speaking countries. But a new report from Abnormal Intelligence is a reminder that these scams have been found in 13 languages including French, German, Italian, Spanish and others. So if you’re listening outside Canada, the U.S. and the U.K. your company is just as likely to get one of these messages. In whatever country you are in, be careful with messages from executives who ask you to do something involving money transfers or buying gift cards, especially if they say it has to be done fast.

Truck manufacturing and transportation companies need people with cybersecurity experience to protect the GPS and wireless diagnostic devices in heavy vehicles. One way the industry finds people interested in cybersecurity is through the annual CyberTruck challenge. It’s a five-day event for Canadian and American university students interested in heavy vehicle cybersecurity issues. Registration is now open for this year’s event during the week of June 12th in Warren, Michigan. All student expenses are covered including travel, accommodation and meals. There’s a link to the application here.

That’s it for now. But later today the Week in Review will be available. Guest commentator David Shipley and I will discuss cybersecurity and hospitals, as well as why executives and IT security don’t communicate well.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 17, 2023 – A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

