A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.

A new ESET study of 17 malware frameworks that threat actors have used over the past decade to target air-gapped systems showed every one of them used a USB drive to introduce malware into the environment and extract data from there. The security vendor found that the best defense for organizations against attacks on air-gapped systems is to restrict USB use as much as possible and to monitor them closely in situations where the devices need to be used.

https://www.eset.com/ca/about/newsroom/press-releases/eset-research-analyzes-malicious-frameworks-targeting-air-gapped-networks-dissects-15-years-of-nati-2/

Read more

Hello All. Anyone out there using Apple’s AirTags? AirTags use ultra-wideband technology and take advantage of Apple’s existing network of devices, which work as crowdsourced beacons to ping each other in order to determine your missing item’s location.

I stumbled across a really interest YouTube channel called MegaLag out of Germany. Really enjoyed the content. There are a number of videos including, “I sent an AirTag to North Korea, Tim Cook and Elon Musk!”.  Enjoy!

 

Part 1

 

Part 2

 

Part 3

\

Read more

Hello All. VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information.

The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, and impacts vCenter Server versions 6.5 and 6.7.

“A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information,” the company noted in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the flaw.

The second shortcoming remediated by VMware relates to an SSRF (Server-Side Request Forgery) vulnerability in the Virtual storage area network (vSAN) Web Client plug-in that could allow a malicious actor with network access to port 443 on vCenter Server to exploit the flaw by accessing an internal service or a URL request outside of the server.

The company credited magiczero from SGLAB of Legendsec at Qi’anxin Group with discovering and reporting the flaw.

Further information can be found at:

Read more