Pantropic Newsletter #25

Posted December 28, 2023

by Sarah






Pantropic Newsletter #25 (October 2023)

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

VMware patched two significant vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in vCenter Server that enable remote code execution and unauthorized data access for non-administrative users. Users are strongly advised to update to the patched versions due to the severity of these issues. Patches are available for the different product versions, and prompt updates and proactive security measures are needed.

(Source: HelpNet Security)


Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco disclosed an actively exploited zero-day flaw (CVE-2023-20273) in IOS XE that allows unauthorized access to and control over devices. The company will release a fix starting October 22, 2023, and advises users to disable the HTTP server feature until then. Software updates have been released to address these vulnerabilities, underscoring the need for users to patch the affected versions.

(Source: The Hacker News)


Malvertisers Using Google Ads to Target Users Searching for Popular Software

A malvertising campaign exploits Google Ads to lure users searching for popular software to fake landing pages that distribute malware. Using sophisticated techniques, the fake ads redirect to imitation sites that identify the visitor's system and deliver specific, evasive payloads, posing an evolving threat. Threat actors also misuse Punycode to impersonate legitimate sites with visually misleading domain names, endangering users’ security.

(Source: The Hacker News)


Hackers Abusing Skype and Teams to Deliver the DarkGate Malware

Hackers used Microsoft Teams and Skype to spread DarkGate malware, deceiving users with disguised attachments. DarkGate, a Windows-based malware, grants remote access and conducts malicious actions. Employing legitimate applications like AutoIt, it poses a significant threat. Controlling instant messaging apps, enforcing regulations, and implementing multifactor authentication are advised to combat such attacks.

(Source: Cybersecurity News)


Backup and Data Security Solutions

ATEGO® ENTERPRISE

This “white glove” managed service is the next-generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need them. Our Data Security Module can perform bi-directional anti-malware scans and content disarm and reconstruction (CDR), and protect your backups with biometric Deep MFA and multi-person workflow, crucial in stopping stolen credential attacks.

CRASHPLAN

Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.

CROWDSTRIKE FALCON

A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches including true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.

KNOWBE4 

World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.


Copyright © 2023 Pantropic Online Pte Ltd. All rights reserved.