Daily Perk 3/31/2021

In this together

Patch it Now: per ZDNet, 2 critical vulnerabilities were found in VMware vRealize. These could result in admin credential theft in the AI-based platform that offers “self-driving IT operations management for private, hybrid and multi-cloud environments”. As we continue the mass migration to all things cloud, this opens up a whole new world of vulnerability and exploit possibilities through the universe of third-party products and services.

WordPress Warning: per Bleeping Computer, counterfeit versions of the jQuery Migrate plugin are being injected into sites. This plugin is used on over 7.2 million websites, so take this as an early warning and watch your site.

Campaign targets Japan’s industrial sector with fileless malware & backdoors per Securelist

This is an interesting one to be aware of because it involves several strains of fileless malware not seen before in a sophisticated campaign that has been targeting the industrial sector in Japan. Most notable is “Ecipekac”, a “very sophisticated multi-layer malware” with fileless malware payloads P8RAT and SodaMaster.

Kaspersky has been tracking the activity since 2019, and believes it is part of China’s well-established APT10. Fileless malware is hard to detect and doesn’t leave traces behind for forensics and learning afterwards – it’s something associated with an advanced/resourced/determined threat actor.
