{"id":24464,"date":"2022-06-24T07:45:46","date_gmt":"2022-06-24T11:45:46","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=490112"},"modified":"2022-06-27T15:33:25","modified_gmt":"2022-06-27T19:33:25","slug":"cyber-security-today-june-24-2022-unpatched-vmware-applications-still-being-exploited-ransomware-used-as-a-decoy-and-a-covid-text-scam","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-june-24-2022-unpatched-vmware-applications-still-being-exploited-ransomware-used-as-a-decoy-and-a-covid-text-scam\/","title":{"rendered":"Cyber Security Today, June 24, 2022 \u2013 Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam"},"content":{"rendered":"<p>Unpatched VMware applications are still being exploited, ransomware used as a decoy, and a COVID text scam.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Friday, June 24th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>It\u2019s hard to believe<\/strong> with all of the news stories earlier this year, but threat actors continue to exploit an unpatched Log4Shell vulnerability in VMware Horizon and Unified Access Gateway servers. <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-174a\" rel=\"noopener\">That\u2019s according to the U.S. Cybersecurity and Infrastructure Security Agency.<\/a> Alerts about this vulnerability started circulating last December. But some IT administrators still aren\u2019t getting the message. If your organization hasn\u2019t paid attention to this yet, assume your Horizon or UAG installation has been compromised. Start threat hunting. The CISA report includes recommendations on what to look for. There\u2019s a link to the report in the text version of this podcast. Log4Shell is a remote code execution vulnerability that affects products using Apache\u2019s Log4j2 logging library.
After exploiting a hole in Horizon or UAG, an attacker will upload malware to spread across the IT environment.<\/p>\n<p><strong>Threat actors often use<\/strong> denial of service attacks to distract IT from a data theft going on elsewhere in the organization. <a href=\"https:\/\/www.secureworks.com\/research\/bronze-starlight-ransomware-operations-use-hui-loader\" rel=\"noopener\">According to researchers at Secureworks<\/a>, one Chinese-based attacker may be using ransomware the same way. The ransomware used by the gang dubbed Bronze Starlight only has a short lifespan, the report says. That suggests the gang\u2019s goal is data theft or espionage. If so, the deployment of ransomware may be to distract incident responders from what\u2019s really going on. One clue of this gang\u2019s presence is the use of a custom DLL loader called HUI Loader for uploading remote access trojans and Cobalt Strike beacons to compromised computers and servers. That leads to the uploading of ransomware. Note that this gang initially compromises networks by exploiting known vulnerabilities in devices. Patches are usually available that could have prevented the attack from starting.<\/p>\n<p><strong>Crooks continue to use<\/strong> fears about COVID-19 to spread scams. <a href=\"https:\/\/www.tripwire.com\/state-of-security\/featured\/nhs-warns-scam-covid-19-text-messages\/\" rel=\"noopener\">One of the latest tricks is happening in the United Kingdom<\/a>, where people are getting text messages that pretend to come from the National Health Service, or NHS. The message says they\u2019ve been in close contact with someone who has the virus. They are told to order a free testing kit by clicking on the included link. Victims who click go to a website that looks like an NHS site, where all they have to spend is a small amount for postage for the kit \u2014 plus fill in personal information and a credit card number.
A variant on the scheme asks victims to click on a link to book a free COVID test, again with the goal of getting victims\u2019 personal information. This type of scam can be tried in any country. One reason crooks like text message scams is it\u2019s hard for victims to check website addresses on a smartphone\u2019s small screen. That\u2019s why people have to think carefully before clicking on links in text messages.<\/p>\n<p><strong>Finally,<\/strong> Google has released security updates for Chrome. If you use this browser make sure it\u2019s the latest version.<\/p>\n<p><strong>Remember later today<\/strong> the Week in Review edition will be out, with guest commentator Terry Cutler of Montreal\u2019s Cyology Labs. We\u2019ll talk about Cloudflare\u2019s outage this week and a U.S. bank\u2019s failure to detect a data breach after discovering a separate ransomware attack.<\/p>\n<p>Links to details about podcast stories are in the text version at ITWorldCanada.com.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-24-2022-unpatched-vmware-applications-still-being-exploited-ransomware-used-as-a-decoy-and-a-covid-text-scam\/490112\">Cyber Security Today, June 24, 2022 \u2013 Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unpatched VMware applications are still being exploited, ransomware used as a decoy, and a COVID text scam. Welcome to Cyber Security Today. It\u2019s Friday, June 24th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. 
\u00a0 It\u2019s hard to believe with all of the news stories earlier this year, but threat actors continue to<\/p>\n","protected":false},"author":17,"featured_media":20709,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-24464","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24464"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24464\/revisions"}],"predecessor-version":[{"id":24598,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24464\/revisions\/24598"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20709"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}