Working exploit released for VMware vCenter CVE-2021-22005 bug
2021-09-28 11:03

A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. On Monday, exploit writer wvu released an unredacted exploit for CVE-2021-22005 that works against endpoints with the Customer Experience Improvement Program component enabled, which is the default state.

Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang
2021-09-28 10:44

Microsoft has warned of a new tool designed to exfiltrate credentials and introduce a backdoor into Active Directory servers that is under active use by the Nobelium threat actor group. The FoggyWeb malware, Microsoft has declared, is designed to target Microsoft Active Directory Federation Services servers, exfiltrating credentials, configuration databases, decrypted token-signing and token-decryption certificates, and to download additional components to set up a permanent backdoor and attack the network more widely.

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
2021-09-28 10:00

Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.

Q2 2022 should see networking sales boom – when payouts to replace Huawei and ZTE kit start to flow
2021-09-28 06:45

Only ZTE and Huawei kit is held to pose such a threat. The FCC will notify successful applicants not long afterwards, then in Q2 2022 will advise of funding allocations.

Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot
2021-09-28 06:17

FBI accused of withholding ransomware key as part of REvil probe. The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.

To avoid cyberattacks, companies need to think like hackers
2021-09-28 06:00

Companies are spending more than ever on cybersecurity but, despite a plethora of new security systems, they continue to be vulnerable to attacks, which are not only becoming more numerous but are also taking a greater financial and business toll on organizations. To truly protect themselves, organizations need to get past the belief that the more money they spend, and the more security systems they implement, the better protected they will be.

Ethereum dev admits helping North Korea mine crypto-bucks, faces 20 years jail
2021-09-28 05:44

A US citizen has admitted to helping the Democratic People's Republic of Korea to establish cryptocurrency capabilities and faces up to 20 years jail for his actions. The DoJ alleges Griffith and his co-conspirators "provided instruction on how the DPRK could use blockchain and cryptocurrency technology to launder money and evade sanctions," and "how blockchain technology such as 'smart contracts' could be used to benefit the DPRK, including in nuclear weapons negotiations with the United States."

Blockhead admits to helping North Korea mine crypto-bucks, faces 20 years jail
2021-09-28 05:44

A US citizen has admitted to helping the Democratic People's Republic of Korea to establish cryptocurrency capabilities and faces up to 20 years jail for his actions. The Department of Justice on Monday revealed that Virgil Griffith, a US citizen resident in Singapore, hatched plans in 2018 to help an individual in the hermit kingdom mine cryptocurrency.

The biggest problem with ransomware is not encryption, but credentials
2021-09-28 05:30

At the heart of all this, credential compromise is the leading cause of ransomware attacks, because credentials give hackers the access they need to hold your systems hostage. To understand the issue of credentials in ransomware attacks, one must understand what credentials really are.

The relationship between development and security teams affects speed to market
2021-09-28 05:00

VMware announced findings from a study on the relationship between IT, security, and development teams as organizations adopt a zero trust security model. Organizations where security and development teams have a positive relationship can accelerate the software development lifecycle five business days faster than those without - demonstrating how speed to market and competitive advantage are at stake here.