Cyber Threat Report: Cyber Security News for 02/22/24

Vmware Pushes Admins To Uninstall Vulnerable, Deprecated Vsphere Plugin 
The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin. Read More

Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation
The LockBit ransomware operation has been severely disrupted by an international law enforcement operation resulting in server seizures and arrests. Read More

‘MrAgent’ Ransomware Tool from RansomHouse Group Targets ESXi Servers
Because they target ESXi servers via MrAgent, security teams should make it an immediate priority to protect hosts running their VMware infrastructure. Read More

Attacker Breakout Time Falls to Just One Hour
This so-called “breakout time” is a critical factor in how successful attacks are, as it signifies how long defenders have to detect and contain threats before attackers can conduct surveillance, establish persistence, and locate their targets. Read More

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation
Less than 24 hours after shipping emergency patches for critical security defects in its ScreenConnect remote desktop access product, ConnectWise says hackers are already launching exploits to take over enterprise accounts. Read More

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. Read More

'KeyTrap' DNS Bug Threatens Widespread Internet Outages
In testing, the length of time the DNS servers remained offline after an attack differed, but the report noted that Bind 9, the most widely deployed DNS implementation could remain stalled for up to 16 hours. Read More

Over 40% of Firms Struggle With Cybersecurity Talent Shortage
Security operations center (SOC) and security assessment and network security roles should be more staffed, with figures around 35% and 33%, respectively. Read More

Israeli El Al Alleges Hackers Targeted Flights in Mid-Air Hijack Attempt
Israel’s national airline confirmed that “hostile elements” attempted to take over the communication network of an El Al plane from Phuket, Thailand to Ben-Gurion Airport. Read More

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers
The flaws allow attackers to trick victims into connecting to malicious clones of trusted networks, intercepting their traffic, and joining otherwise secure networks without needing the password. Read More

Hackers Using Stolen Credentials To Launch Attacks As Info-Stealing Peaks
As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials available — and easily accessible — on the dark web. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

VMware vSphere's Enhanced Authentication Plug-in (EAP) has two unfixable vulnerabilities, CVE-2024-22245 and CVE-2024-22250, allowing for authentication relay and session hijacking attacks. VMware advises administrators to remove the plugin, despite its continued use, and outlines steps for its removal. Ceri Coburn, who disclosed the flaws, criticizes VMware's response and recommends transitioning to VMware vSphere 8, which offers alternative authentication methods.

An international law enforcement operation has severely disrupted the LockBit ransomware operation, resulting in server seizures, arrests, and charges against individuals. LockBit domains now display seizure notices by the UK's National Crime Agency, with involvement from agencies worldwide including the FBI and Europol. The operation led to arrests, frozen cryptocurrency accounts, server takedowns, closure of rogue accounts, and seizure of technical infrastructure, with ongoing efforts to target the group's leaders and affiliates. LockBit affiliates have been informed of law enforcement control over the platform, with significant data obtained, impacting one of the most active ransomware groups responsible for targeting numerous high-profile organizations worldwide.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.