Week in review: Attackers exploiting VMware RCE, Microsoft fixes actively exploited zero-day

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)
On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and another (CVE-2022-26904) for which there’s already a PoC and a Metasploit module.

Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
Since Microsoft’s latest Patch Tuesday, CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential.

More organizations are paying the ransom. Why?
Most organizations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group has shown.

Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid
The Computer Emergency Response Team of Ukraine (CERT-UA), with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine.

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems.

APT group has developed custom-made tools for targeting ICS/SCADA devices
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): Certain APT actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices.

How to achieve better cybersecurity assurances and improve cyber hygiene
How can your business reduce the risk of a successful cyber attack and create a defendable network?

Eavesdropping scam: A new scam call tactic
Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.

Data democratization leaves enterprises at risk
Today’s digital landscape has increased enterprises’ reliance on large datasets and analytics, underscoring the value of data for business.

Cybersecurity is getting harder: More threats, more complexity, fewer people
Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise.

Independent security audits are essential for cloud service providers. Here’s why
As more companies outsource IT infrastructure to third-party providers and adopt cloud-based collaboration tools, the need for partners that deliver strong protection and peace of mind is essential.

Human activated risk still a pain point for organizations
Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack.

The two words you should never forget when you’re securing a cloud
When cloud providers sell their services, they know their customers are thinking about cybersecurity – that’s why providers tend to tout their impressive accreditations and certificates.

The benefits of cyber risk quantification in the modern cybersecurity landscape
Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification (CRQ) in the modern cybersecurity landscape.

Confessions of a CTO
Chief technology officers (CTOs) are typically juggling the joint responsibility of maintaining the organization’s overarching technology infrastructure and enabling business innovation.

Cybersecurity must be at the forefront of a blockchain project
In this video for Help Net Security, Dr. Dmitry Mikhailov, CTO at Farcana Metaverse, talks about cybersecurity in the crypto industry and the vulnerability of a blockchain project.

Organizations must be doing something good: Payment fraud activity is declining
Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.

How to improve enterprise password security?
In this video for Help Net Security, Darren Siegel, Product Specialist at Specops Software, talks about the importance of password security and what makes them vulnerable.

How to perform cybersecurity market analysis
The European Union Agency for Cybersecurity (ENISA) introduces a framework to perform cybersecurity market analyses and dives into the market of the Internet of Things (IoT) distribution grids for validation.

Why managing and securing digital identities is a must
In this video for Help Net Security, Julie Smith, Executive Director of the Identity Defined Security Alliance (IDSA), talks about how IDSA and National Cybersecurity Alliance partnered to create Identity Management Day.

Lack of data readiness threatens digital transformation in healthcare
A majority of healthcare leaders have established digital transformation as a top priority spurred by the pandemic, yet they’re facing a chronic, underlying challenge that’s impeding their efforts: data readiness.

Potential threats to uninterruptible power supply (UPS) devices
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy (DOE), about potential threats to uninterruptible power supply (UPS) devices that are connected to the internet.

Keeper Password Manager for Business
In this video, Craig Lurey, CTO and Co-Founder of Keeper Security, explains the features of the Keeper Password Manager for Business.

Solving challenges and minimizing risks of remote work
In this video for Help Net Security, Chris Harris, EMEA Technical Director at Thales, talks about the cyber risks organizations face due to a growing use of the cloud and regular work from home.

The state of open source security in 2022
In this video for Help Net Security, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source security in 2022.

New npm flaws let attackers better target packages for account takeover
In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover.

Top attack techniques for breaching enterprise and cloud environments
In this video for Help Net Security, Zur Ulianitzky, Head of Research at XM Cyber, talks about the top attack techniques used by threat actors to compromise critical assets in enterprise and cloud environments.

Advance your penetration testing skills by mastering Kali Linux
In this video for Help Net Security, Vijay Kumar Velu, Technical Director for Offensive Security and DFIR at BDO UK, talks about his latest book: Mastering Kali Linux for Advanced Penetration Testing (4th Edition).

Open XDR: Balancing risk and cybersecurity costs through a unified platform approach
Join security leaders from the University of Denver and EBSCO to learn how Open XDR’s intelligent correlation eliminates alert fatigue and identifies and protects against attacks in real time.

Cyber defense: Prioritized by real-world threat data
The impact of a cybersecurity breach can be painful for any enterprise, and devastating for some. Any one of the top five threats we see in today’s environment—malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions—is serious and can cause severe, long-lasting financial and reputational damage.

Product showcase: Enclave – using zero trust network access to simplify your networks
A huge number of Internet-accessible systems are protected by the principle of connect, then authenticate. This includes VPNs, web applications, databases, Windows Servers with RDP endpoints exposed, and more.

New infosec products of the week: April 15, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Axis Security, BigID, Finite State, oak9, OwnBackup, Palo Alto Networks, and Spin Technology.
