Cybersecurity

Email remains one of the most common attack vectors for threat actors seeking access into an organization’s network infrastructure. One of the more stealthy tactics adversaries employ to fool users into clicking on malicious links or attachments is email spoofing, where an email or link appears to come from a legitimate source but has been modified to obfuscate malicious intent. Some common forms of email spoofing include business email compromise (BEC), legitimate domain spoofing, lookalike domain spoofing, and spear phishing.

Attention: Members using impacted VMware products are strongly encouraged to pass this information along to IT support personnel and/or third party IT/managed service providers to be promptly addressed.

As anticipated, a working proof-of-concept has been developed for CVE-2022-22972. Security researchers have published an analysis report and working exploit. The public disclosure of exploits typically reduces the time to active exploitation by threat actors and increases the risk of compromise posed to devices that remain unpatched.

Security researchers have discovered a new phishing campaign that leverages malicious PDFs and a five-year-old remote code execution (RCE) vulnerability to deliver Snake Keylogger malware to victim devices. Snake Keylogger steals credentials, victim keystrokes, screenshots of victim’s screen, and clipboard data. In this particular campaign, victims’ receive an email named “Remittance Invoice,” with a weaponized PDF attached. When the PDF is opened, Adobe Reader prompts them with a Word document, deceivingly named “has been verified” to trick users into opening it.

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its Analysis of FY21 Risk and Vulnerability Assessments along with an infographic mapping to the MITRE ATT&CK® Framework of 112 Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2021.