Linux version of LockBit ransomware targets VMware ESXi servers

 LockBit is the latest ransomware gang whose Linux encryptor has been
discovered to be focusing on the encryption of VMware ESXi virtual
machines.

The enterprise is increasingly moving to virtual machines to save
computer resources, consolidate servers, and for easier backups.

Due to this, ransomware gangs have evolved their tactics to create
Linux encryptors that specifically target the popular VMware vSphere and
ESXi virtualization platforms over the past year.

While ESXi is not strictly Linux, it does share many of its
characteristics, including the ability to run ELF64 Linux executables.

To read this Full Article go Here

https://www.bleepingcomputer.com/news/security/linux-version-of-lockbit-ransomware-targets-vmware-esxi-servers/?fbclid=IwAR3MsIQ82nRxC3vhmU9x-Nn_G_LJsUmEopzTXknWPrGl9LsHHrNNEmSyUeE

Wireless Risk Analysis and Security

 

Overview

The Greater Hartford Chapter of ISACA is pleased to
present a “Wireless Risk Analysis and Security” webinar on
Wednesday, February 9, 2022  

Wireless Risk Analysis and Security is a single-day course that provides a comprehensive view into the methods and mindset used by hackers to compromise wireless networks. Wireless can be complex and effective learning requires mastery of a new set of acronyms and how these technologies fit into the big picture.  

The Security professional will learn the skills and knowledge required to understand how wireless networks operate. This course provides the basis for performing wireless reconnaissance and exploitation using tools found in both Kali Linux and Windows. 

A real-world demo will demonstrate how security weaknesses are identified, compromised, and exploited to extract data in today’s wireless networks.  Wireless Analysis & Exploitation (WAX) imparts these skills to the Security professional: – A review of networking fundamentals – A review of important Linux and Windows commands – Instruction on 802.11 Wi-Fi technologies including standards, Wi-Fi- operation, devices, terminology, acronyms, antennas, radio frequency fundamentals, standard Wi-Fi security methods, and troubleshooting. – Execution of reconnaissance activities – Execution of analysis activities – Approaches to “what happens next” once the Security professional has keys to the 802.11 network – A discussion of non-802.11 wireless technologies such as Bluetooth and Mobile Voice and Data Communications (FMC) – How to secure a wireless network . 

This webinar is presented by Jay Ferron

You can register Here

 

 

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

 In response to recent malicious cyber incidents in Ukraine—including the
defacement of government websites and the presence of potentially destructive
malware on Ukrainian systems—CISA has published CISA
Insights: Implement Cybersecurity Measures Now to Protect Against Potential
Critical Threats
. The CISA Insights strongly urges leaders and network
defenders to be on alert for malicious cyber activity and provides a checklist
of concrete actions that every organization—regardless of sector or size—can
take immediately to: 

  • Reduce the likelihood of a damaging cyber
    intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an
    intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive
    cyber incident.

CISA urges senior leaders and network defenders to review the CISA
Insights
and implement the cybersecurity measures on the checklist.

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

 Zoho has released a security advisory to address an authentication bypass
vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop
Central MSP. An attacker could exploit this vulnerability to take control of an
affected system.

CISA encourages users and administrators to review the Zoho
Vulnerability Notification
and the Zoho ManageEngine
Desktop Central
 and ManageEngine
Desktop Central MSP
 security advisories and apply the recommended
mitigations immediately.

NCCoE Releases Draft Project Description for IPv6 Transition

NCCoE Releases Draft
Project Description for IPv6 Transition

The National Cybersecurity Center of Excellence (NCCoE) has
released a new draft project description, Secure IPv6-Only Implementation in the Enterprise.
Publication of this project description begins a process to further identify
project requirements, scope, and hardware and software components for use in a
laboratory demonstration environment.

We want your feedback on this draft to help refine the project.
The comment period is now open and will close on January 27, 2022.

The project will address operational, security, and privacy issues
associated with the evolution to IPv6-only network infrastructures. It will
demonstrate tools and methods for securely implementing IPv6, whether as a
“greenfield” implementation or as a transition from an IPv4 infrastructure to
an IPv6-only network. This project will result in practice guides to encourage
the secure transition to IPv6-only enterprise IT environments.

We Want to Hear from You!

Review the project description and submit comments online on or before January 27, 2022. You
can also help shape and contribute to this project by joining the NCCoE’s IPv6
Transition Community of Interest. Send an email to [email protected] detailing your
interest.

We value and welcome your input and look forward to your comments.

Blockchain for Access Control Systems: Draft NISTIR 8403 Available for Comment

 

Blockchain for Access
Control Systems: Draft NISTIR 8403 Available for Comment

NIST has released NIST Internal Report (NISTIR) 8403, Blockchain for
Access Control Systems
, for public comment.

Protecting system resources against unauthorized access is the
primary objective of an access control system. As information systems rapidly
evolve, the need for advanced access control mechanisms that support
decentralization, scalability, and trust – all major challenges for traditional
mechanisms – has grown.

Blockchain technology offers high confidence and tamper resistance
implemented in a distributed fashion without a central authority, which means
that it can be a trustable alternative for enforcing access control policies.
This document presents analyses of blockchain access control systems from the
perspectives of properties, components, architectures, and model supports, as
well as discussions on considerations for implementation.

The public comment period is open through February 7, 2022. 
See the publication details
for a copy of the draft and instructions for submitting comments.



Comment Period Closing Soon: NIST SP 1800-34, Validating the Integrity of Computing Devices

 

Public comments will
close on January 17 for Volume C of NIST SP 1800-34, Validating the Integrity
of Computing Devices 

The National Institute of Standards and Technology’s National
Cybersecurity Center of Excellence (NCCoE) has published the preliminary draft
Volume C of NIST SP
1800-34, Validating the Integrity of Computing Devices
for public
comment. This is a reminder that the public comment period will close on
January 17, 2022. You can submit comments
online
or via email to [email protected].

Volume C includes specific product installation, configuration,
and integration instructions for building the example implementation, allowing
you to replicate all or parts of this project. Help the NCCoE make this guide
better by sharing your thoughts with us. If your organization prototypes this
solution, please share your experience with our team. You can also stay up to
date on the progress of this project by sending an e-mail to [email protected] to join our Supply
Chain Assurance’s Community of Interest.

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

 Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.

Introduced by Apple in 2012 on macOS Mountain Lion, TCC is essentially designed to help users configure the privacy settings of their apps, such as access to the device’s camera, microphone, or location, as well as access to the user’s calendar or iCloud account, among others. To protect TCC, Apple introduced a feature that prevents unauthorized code execution and enforced a policy that restricts access to TCC to only apps with full disk access. We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data. For example, the attacker could hijack an app installed on the device—or install their own malicious app—and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user’s screen.

It should be noted that other TCC vulnerabilities were previously reported and subsequently patched before our discovery. It was also through our examination of one of the latest fixes that we came across this bug. In fact, during this research, we had to update our proof-of-concept (POC) exploit because the initial version no longer worked on the latest macOS version, Monterey. This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them.

Microsoft security researchers continue to monitor the threat landscape to discover new vulnerabilities and attacker techniques that could affect macOS and other non-Windows devices. The discoveries and insights from our research enrich our protection technologies and solutions, such as Microsoft Defender for Endpoint, which allows organizations to gain visibility to their networks that are increasingly becoming heterogeneous. For example, this research informed the generic detection of behavior associated with this vulnerability, enabling Defender for Endpoint to immediately provide visibility and protection against exploits even before the patch is applied. Such visibility also enables organizations to detect, manage, respond to, and remediate vulnerabilities and cross-platform threats faster.

See the rest of this article posted on Microsoft. Here

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access – Microsoft Security Blog

SFile (Escal) ransomware ported for Linux attacks

The operators of the SFile ransomware, also known as Escal, have ported their malware to work and encrypt files on Linux-based operating systems.

Attacks with this new Linux variant were spotted late last year, Chinese security firm Rising said in a report last week, confirmed by The Record with MalwareHunterTeam, one of the people behind the ID-Ransomware project.
The SFile (Escal) ransomware was first seen in attacks in February 2020.
Initial versions were written for encrypting Windows systems only.
Over the past two years, the ransomware has been used as part of targeted attacks against corporate and government networks. During these attacks, SFile is usually deployed to encrypt files, and leave a ransom note for victims telling them to contact the attackers via one of three emails and negotiate a ransom for the decryption key.