{"id":35716,"date":"2023-02-17T08:18:04","date_gmt":"2023-02-17T13:18:04","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=528223"},"modified":"2023-02-21T09:33:44","modified_gmt":"2023-02-21T14:33:44","slug":"cyber-security-today-feb-17-2023-a-fake-emsisoft-code-signing-certificate-found-increasing-vmware-ransomware-detected-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-feb-17-2023-a-fake-emsisoft-code-signing-certificate-found-increasing-vmware-ransomware-detected-and-more\/","title":{"rendered":"Cyber Security Today, Feb. 17, 2023 \u2013 A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more"},"content":{"rendered":"<p data-ar-index=\"0\">A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Friday, February 17th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n
<p data-ar-index=\"3\"><strong>An attacker created<\/strong> and tried to use a fake code-signing certificate from security company Emsisoft to install a tool for hacking into a customer\u2019s computer. If successful, the tool would have been detected by the Emsisoft application \u2014 but registered as a false positive. <a href=\"https:\/\/www.emsisoft.com\/en\/blog\/43619\/alert-threat-actors-are-using-fake-emsisoft-code-signing-certificates-to-disguise-their-attacks\/\" rel=\"noopener\">Emsisoft said this week<\/a> the attempt was blocked by its product. However, application developers should use this incident as a reminder to watch for someone trying to compromise their digital certificate infrastructure. IT and security administrators need to limit the number of approved applications that can be downloaded by staff and run in their environments. And they need to ensure that applications flagged for being signed with suspicious digital certificates are quarantined. The tool the attacker tried to leverage with the phony-named certificate was MeshCentral, an open-source remote access application. 
That can be OK if approved, but in the hands of an attacker it will be used for network compromise. Emsisoft also notes that if an attacker gains a foothold on the network, one of the first things they want to do is disable antivirus, antimalware and other defensive applications. That\u2019s why it\u2019s important that all endpoint products can only be disabled by an administrator whose access is protected with multifactor authentication.<\/p>\n<p data-ar-index=\"4\"><strong>There\u2019s evidence<\/strong> that the ransomware exploitation of unpatched VMware hypervisor servers continues. <a href=\"https:\/\/censys.io\/the-evolution-of-esxiargs-ransomware\/\" rel=\"noopener\">Researchers at Censys<\/a> this week have seen 500 more servers on the internet that appear to have been infected with what is called the ESXiArgs ransomware. Most of these recent infections are on hosts in France, Germany, the Netherlands and the U.K. Hundreds of others have been seen earlier in Canada and the U.S. IT departments running out-of-date and unsupported versions of ESXi are at the greatest risk.<\/p>\n<p data-ar-index=\"5\"><strong>Splunk has issued<\/strong> a <a href=\"https:\/\/advisory.splunk.com\/advisories\" rel=\"noopener\">number of patches<\/a> for the Enterprise version of its security event management platform as part of its quarterly updates. Administrators should review these updates and install them as soon as possible. Also this week, <a href=\"https:\/\/www.securityweek.com\/citrix-patches-high-severity-vulnerabilities-in-windows-linux-apps\/\" rel=\"noopener\">Citrix issued<\/a> a number of patches for severe vulnerabilities in several products. These include Citrix Virtual Apps and Desktops, and Workspace for Windows and Linux. 
Because of the sensitivity of Citrix these should be installed as soon as possible.<\/p>\n<p data-ar-index=\"6\"><strong>Tile, which makes<\/strong> a little Bluetooth tracker for finding lost keys, wallets, purses, luggage and other things, has added an anti-theft mode to its devices. That way,<a href=\"https:\/\/www.prnewswire.com\/news-releases\/tile-takes-aim-at-bluetooth-tracker-industrys-theft-and-stalking-measures-with-launch-of-anti-theft-mode-301748350.html\" rel=\"noopener\"> the company says,<\/a> crooks or stalkers can\u2019t use a scan mode to find nearby Tile-enabled devices. Anti-theft mode makes it easier to recover stolen valuables by making it harder for thieves to know an item is being tracked by the owner.<\/p>\n<p data-ar-index=\"7\"><strong>I regularly report<\/strong> on business email compromise scams. These are attempts by email, text or voice to impersonate an executive to trick an employee into sending money in some way to a crook. A common tactic is claiming funds have to be sent to a new customer to nail down a partnership. The scams I report on are perpetrated in English-speaking countries. But <a href=\"https:\/\/intelligence.abnormalsecurity.com\/blog\/midnight-hedgehog-mandarin-capybara-multilingual-executive-impersonation\" rel=\"noopener\">a new report from Abnormal Intelligence<\/a> is a reminder that these scams have been found in 13 languages including French, German, Italian, Spanish and others. So if you\u2019re listening outside Canada, the U.S. and the U.K. your company is just as likely to get one of these messages. In whatever country you are in, be careful with messages from executives who ask you to do something involving money transfers or buying gift cards, especially if they say it has to be done fast.<\/p>\n<p data-ar-index=\"8\"><strong>Truck manufacturing<\/strong> and transportation companies need people with cybersecurity experience to protect the GPS and wireless diagnostic devices in heavy vehicles. 
One way the industry finds people interested in cybersecurity is through the annual CyberTruck challenge. It\u2019s a five-day event for Canadian and American university students interested in heavy vehicle cybersecurity issues. Registration is now open for this year\u2019s event during the week of June 12th in Warren, Michigan. All student expenses are covered including travel, accommodation and meals.<a href=\"https:\/\/www.cybertruckchallenge.org\/\" rel=\"noopener\"> There\u2019s a link to the application here.<\/a><\/p>\n<p data-ar-index=\"9\">That\u2019s it for now. But later today the Week in Review will be available. Guest commentator David Shipley and I will discuss cybersecurity and hospitals, as well as why executives and IT security don\u2019t communicate well.<\/p>\n<p data-ar-index=\"10\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"11\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-17-2023-a-fake-emsisoft-code-signing-certificate-found-increasing-vmware-ransomware-detected-and-more\/528223\">Cyber Security Today, Feb. 
17, 2023 \u2013 A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on an attempt to fool Emsisoft protection, the continued spread of the ESXiArg ransomwar<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35716","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35716"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35716\/revisions"}],"predecessor-version":[{"id":35721,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35716\/revisions\/35721"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}