Security News

The Federal Bureau of Investigation warned today that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms. In a Public Service Announcement issued today, the FBI said it noticed scammers switching to virtual meeting platforms matching the overall trend of businesses moving to remote work during the pandemic.

Tiffany Xingyu Wang, chief strategy and marketing officer at Spectrum Labs, predicts that the harassment and personal attacks that 41% of the U.S. internet users have experienced online will get worse in virtual worlds. Companies that build safe and responsible communities will have a competitive edge in the metaverse.

Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It's called Virtual Machine Threat Detection, and will help select Security Command Center customers detect cryptomining malware inside their virtual machines.

Qubes OS has very specific hardware requirements, in particular the need for IOMMU-based virtualization in the BIOS or UEFI. It also needs 64-bit Intel or AMD processor, 6GB of RAM and 32GB of hard disk free space. Users without experience with Qubes OS should first go for a virtual machine installation to get the feel and really test it before installing.

Here's a little light at the end of the tunnel: a slew of new online and in-person events from SANS Institute that will help you sharpen up your cybersec skills or learn completely new ones. SANS Threat Hunting London 2022 runs from January 10 to 15, both in-person in London, and online, with seven courses from Advanced Incident Response, Threat Hunting, and Digital Forensics, to in-depth programs such as Purple Team Tactics - Adversary Emulation for Breach Prevention and Detection.

Across the country businesses and public agencies alike are holding virtual job fairs and summits and talking about the effects of the virtual workforce. One solution to this hurdle is the virtual desktop, such as Microsoft's Azure Virtual Desktop, which can be an easy way to deploy and manage desktop and application virtualization via a service running in the cloud.

"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering." As incident after incident of ransomware infection requires payments in cryptocurrency, there is little reason to doubt this is a crytpocurrency crackdown.

Most experiencing virtual collaboration technology issues. When asked if they have experienced issues due to virtual collaboration technology, 91% of executives reported that they had. The biggest complaints included difficulty hearing or understanding a speaker due to connectivity issues, callers joining late because they couldn't get access, and being unable to share content on screen due to freezing or other screen sharing issues.

Microsoft has fixed a bug blocking some Azure Virtual Desktop devices from downloading and installing monthly security via Windows Server Update Services since early July. Microsoft also provides two workarounds that allow customers to apply monthly security updates on Azure Virtual Desktop systems using WSUS if they can't immediately deploy the KB5005565 CU that fixes the known issue.

Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor."This is one of the fastest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform," said Andrew Brandt, principal researcher at Sophos.