Thursday, January 27, 2022

Linux version of LockBit ransomware targets VMware ESXi servers

LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.

The enterprise is increasingly moving to virtual machines to save computer resources, consolidate servers, and for easier backups.

Due to this, ransomware gangs have evolved their tactics to create Linux encryptors that specifically target the popular VMware vSphere and ESXi virtualization platforms over the past year.

While ESXi is not strictly Linux, it does share many of its characteristics, including the ability to run ELF64 Linux executables.

To read the full article, go here.

Wednesday, January 19, 2022

Wireless Risk Analysis and Security

The Greater Hartford Chapter of ISACA is pleased to present a "Wireless Risk Analysis and Security" webinar on Wednesday, February 9, 2022.

Wireless Risk Analysis and Security is a single-day course that provides a comprehensive view into the methods and mindset used by hackers to compromise wireless networks. Wireless can be complex, and effective learning requires mastery of a new set of acronyms and an understanding of how these technologies fit into the big picture.

The Security professional will learn the skills and knowledge required to understand how wireless networks operate. This course provides the basis for performing wireless reconnaissance and exploitation using tools found in both Kali Linux and Windows. 

A real-world demo will demonstrate how security weaknesses are identified, compromised, and exploited to extract data in today's wireless networks. Wireless Analysis & Exploitation (WAX) imparts these skills to the Security professional:

- A review of networking fundamentals
- A review of important Linux and Windows commands
- Instruction on 802.11 Wi-Fi technologies including standards, Wi-Fi operation, devices, terminology, acronyms, antennas, radio frequency fundamentals, standard Wi-Fi security methods, and troubleshooting
- Execution of reconnaissance activities
- Execution of analysis activities
- Approaches to "what happens next" once the Security professional has keys to the 802.11 network
- A discussion of non-802.11 wireless technologies such as Bluetooth and Mobile Voice and Data Communications (FMC)
- How to secure a wireless network

This webinar is presented by Jay Ferron

You can register here.



CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to:

  • Reduce the likelihood of a damaging cyber intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.


I will be speaking at this event for resellers and MSPs; you can register here.

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

Wednesday, January 12, 2022

NCCoE Releases Draft Project Description for IPv6 Transition

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Secure IPv6-Only Implementation in the Enterprise. Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory demonstration environment.

We want your feedback on this draft to help refine the project. The comment period is now open and will close on January 27, 2022.

The project will address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. It will demonstrate tools and methods for securely implementing IPv6, whether as a “greenfield” implementation or as a transition from an IPv4 infrastructure to an IPv6-only network. This project will result in practice guides to encourage the secure transition to IPv6-only enterprise IT environments.

We Want to Hear from You!

Review the project description and submit comments online on or before January 27, 2022. You can also help shape and contribute to this project by joining the NCCoE’s IPv6 Transition Community of Interest. Send an email to detailing your interest.

We value and welcome your input and look forward to your comments.

Blockchain for Access Control Systems: Draft NISTIR 8403 Available for Comment

NIST has released NIST Internal Report (NISTIR) 8403, Blockchain for Access Control Systems, for public comment.

Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust – all major challenges for traditional mechanisms – has grown.

Blockchain technology offers high confidence and tamper resistance implemented in a distributed fashion without a central authority, which means that it can be a trustable alternative for enforcing access control policies. This document presents analyses of blockchain access control systems from the perspectives of properties, components, architectures, and model supports, as well as discussions on considerations for implementation.

The public comment period is open through February 7, 2022.  See the publication details for a copy of the draft and instructions for submitting comments.

Comment Period Closing Soon: NIST SP 1800-34, Validating the Integrity of Computing Devices


Public comments will close on January 17 for Volume C of NIST SP 1800-34, Validating the Integrity of Computing Devices.

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has published the preliminary draft Volume C of NIST SP 1800-34, Validating the Integrity of Computing Devices for public comment. This is a reminder that the public comment period will close on January 17, 2022. You can submit comments online or via email to

Volume C includes specific product installation, configuration, and integration instructions for building the example implementation, allowing you to replicate all or parts of this project. Help the NCCoE make this guide better by sharing your thoughts with us. If your organization prototypes this solution, please share your experience with our team. You can also stay up to date on the progress of this project by sending an e-mail to to join our Supply Chain Assurance’s Community of Interest.

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.

Introduced by Apple in 2012 on macOS Mountain Lion, TCC is essentially designed to help users configure the privacy settings of their apps, such as access to the device’s camera, microphone, or location, as well as access to the user’s calendar or iCloud account, among others. To protect TCC, Apple introduced a feature that prevents unauthorized code execution and enforced a policy that restricts access to TCC to only apps with full disk access. We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data. For example, the attacker could hijack an app installed on the device—or install their own malicious app—and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user’s screen.

It should be noted that other TCC vulnerabilities were previously reported and subsequently patched before our discovery. It was also through our examination of one of the latest fixes that we came across this bug. In fact, during this research, we had to update our proof-of-concept (POC) exploit because the initial version no longer worked on the latest macOS version, Monterey. This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them.

Microsoft security researchers continue to monitor the threat landscape to discover new vulnerabilities and attacker techniques that could affect macOS and other non-Windows devices. The discoveries and insights from our research enrich our protection technologies and solutions, such as Microsoft Defender for Endpoint, which allows organizations to gain visibility to their networks that are increasingly becoming heterogeneous. For example, this research informed the generic detection of behavior associated with this vulnerability, enabling Defender for Endpoint to immediately provide visibility and protection against exploits even before the patch is applied. Such visibility also enables organizations to detect, manage, respond to, and remediate vulnerabilities and cross-platform threats faster.

See the rest of this article, "New macOS vulnerability, “powerdir,” could lead to unauthorized user data access," posted on the Microsoft Security Blog here.

SFile (Escal) ransomware ported for Linux attacks

The operators of the SFile ransomware, also known as Escal, have ported their malware to work and encrypt files on Linux-based operating systems.

Attacks with this new Linux variant were spotted late last year, Chinese security firm Rising said in a report last week, confirmed by The Record with MalwareHunterTeam, one of the people behind the ID-Ransomware project.

The SFile (Escal) ransomware was first seen in attacks in February 2020. Initial versions were written for encrypting Windows systems only.

Over the past two years, the ransomware has been used as part of targeted attacks against corporate and government networks. During these attacks, SFile is usually deployed to encrypt files and leave a ransom note for victims telling them to contact the attackers via one of three emails and negotiate a ransom for the decryption key.

Available for Comment: Methodology for Characterizing Network Behavior of IoT Devices


NISTIR 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft NIST Internal Report (NISTIR) 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices. The public comment period is open until February 11, 2022.

Securing a network is a complex task made more challenging when Internet of Things (IoT) devices are connected to it. NISTIR 8349 demonstrates how to use device characterization techniques and the MUD-PD open source tool to describe the communication requirements of IoT devices in support of the manufacturer usage description (MUD) project. Manufacturers and network administrators can use the techniques and tools described in the report for capturing network communications from IoT devices, analyzing network captures, and generating MUD files to help ensure IoT devices perform as intended.
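As an added illustration of the report's workflow (this is my own example, not the MUD-PD tool or anything from NISTIR 8349), the block below turns a constructed list of flows observed from a hypothetical IoT sensor into an RFC 8520 MUD file and then checks new flows against that file. The hostnames, ports and MUD URL are made up for the example.

```python
# Constructed sample flows from a hypothetical IoT sensor (not real capture data): (dst_dnsname, ip_proto, dst_port).
OBSERVED_FLOWS = [
    ("ntp.example.com", 17, 123),
    ("update.example.com", 6, 443),
    ("update.example.com", 6, 443),  # repeated flow; must collapse to one ACE
    ("telemetry.example.com", 6, 8883),
]

def summarize_flows(flows):
    """Collapse repeated flows into unique (name, proto, port) tuples, first-seen order."""
    unique = []
    for flow in flows:
        if flow not in unique:
            unique.append(flow)
    return unique

def build_mud(flows, mud_url, systeminfo):
    """Build an RFC 8520 MUD file (as a dict) whose from-device ACL permits only observed flows."""
    aces = []
    for i, (name, proto, port) in enumerate(summarize_flows(flows)):
        l4 = "tcp" if proto == 6 else "udp"
        matches = {"ipv4": {"ietf-acldns:dst-dnsname": name, "protocol": proto},
                   l4: {"destination-port": {"operator": "eq", "port": port}}}
        if proto == 6:  # RFC 8520 defines direction-initiated only for TCP
            matches["tcp"]["ietf-mud:direction-initiated"] = "from-device"
        aces.append({"name": f"cl{i}-frdev", "matches": matches,
                     "actions": {"forwarding": "accept"}})
    return {
        "ietf-mud:mud": {
            "mud-version": 1, "mud-url": mud_url, "cache-validity": 48,
            "last-update": "2022-01-12T00:00:00+00:00", "is-supported": True,
            "systeminfo": systeminfo,
            "from-device-policy": {"access-lists": {"access-list": [{"name": "from-ipv4-device"}]}},
        },
        "ietf-access-control-list:acls": {
            "acl": [{"name": "from-ipv4-device", "type": "ipv4-acl-type", "aces": {"ace": aces}}]
        },
    }

def flow_permitted(mud, flow):
    """Defender-side check: does a newly observed from-device flow match an ACE? Unlisted flows are denied."""
    name, proto, port = flow
    l4 = "tcp" if proto == 6 else "udp"
    for ace in mud["ietf-access-control-list:acls"]["acl"][0]["aces"]["ace"]:
        m = ace["matches"]
        if (m["ipv4"]["ietf-acldns:dst-dnsname"] == name and m["ipv4"]["protocol"] == proto
                and m.get(l4, {}).get("destination-port", {}).get("port") == port):
            return ace["actions"]["forwarding"] == "accept"
    return False
```

`json.dumps(build_mud(OBSERVED_FLOWS, mud_url, systeminfo), indent=2)` yields the document you would publish at the MUD URL; a flow that `flow_permitted` rejects is a deviation from the characterized behavior worth alerting on.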

Your Input Matters

The NCCoE relies on developers, providers, and users of cybersecurity technology and information to provide input to our cybersecurity reports and guidance to produce useful and technically correct resources. We look forward to receiving your comments on this draft report.

Submit comments via email to on or before February 11, 2022. You can also help shape and contribute to this project by joining the IoT Community of Interest by sending an email to detailing your interest.