High-profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022.
Threat Advisories and Alerts
Critical Vulnerability Found in VMware Products
VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately.
CISA Warns of Confluence Security Flaw
CISA has added the recent Atlassian security flaw (CVE-2022-26138) to its catalog of Known Exploited Vulnerabilities. The vulnerability can provide cybercriminals with hardcoded credentials to log in to the Confluence app and potentially gain access to sensitive information. Organizations with vulnerable Confluence servers are urged to fix the flaw immediately.
Samba Vulnerabilities Could Allow Attackers to Seize Control of Users’ Systems
Samba, the standard Windows interoperability suite of programs for Unix and Linux, has released security updates to fix product vulnerabilities. If attackers exploit one of these vulnerabilities, they could take control of the affected system. Samba users and admins are advised to apply the necessary updates immediately.
Emerging Threats and Research
BlackCat Ransomware Strikes European Gas Pipeline Operator
The natural gas pipeline and electricity network operator Creos Luxembourg S.A. was recently hit with a cyberattack. The attack, which also affected Creos’ parent company Encevo, was perpetrated by the notorious BlackCat ransomware gang. While the only disruption during the attack was the Creos and Encevo portals becoming unavailable, Encevo has announced that the bad actors stole “a certain amount of data.” Encevo and Creos customers are advised to reset their online account credentials and to change any passwords on other services that are the same as those used for their Encevo and Creos accounts.
LockBit Ransomware Exploits Windows Defender to Load Cobalt Strike Payload
A bad actor who has been connected with the LockBit 3.0 ransomware operation has been abusing the Windows Defender command line tool. Their goal is to decrypt and load Cobalt Strike payloads while evading detection. The attacks occurred after the threat actor exploited a Log4Shell vulnerability against an unpatched VMware Horizon Server.
International Semiconductor Manufacturer Suffers Ransomware Attack
The German power electronics manufacturer Semikron has confirmed a ransomware attack on its business. The international company, which has locations in Europe, North America and Asia, released a statement explaining that it suffered a partial encryption of its IT systems and files, and that cybercriminals claimed to have stolen its data. Semikron is investigating the attack and will alert partners and customers if it finds evidence of data theft.
10,000 Fake Investment Sites Target European Speculators
A sophisticated investment scheme has used 10,000+ domains to dupe speculators into handing over personal information and funds. The scam lures victims in through a multi-stage process that begins with social media ads or pages shown on compromised accounts. Fake celebrity endorsements and guaranteed returns are used to entice targets to invest. If prospects click to learn more, they’re asked to pay €250, which provides them with a personal investment counselor and a dashboard to track their investment progress. A mix of live phone scamming and online social engineering differentiates this scam from typical con jobs.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.