Pantropic Newsletter #29

Posted April 10, 2024

by Sarah


Pantropic Newsletter #29 (February 2024)

Senior executives affected in largest observed Microsoft Azure data breach


Hackers have compromised hundreds of Microsoft Azure accounts, including various high-level executives, in the platform’s most substantial breach observed yet. The attackers crafty used phishing techniques and account takeover exploits to stealthily steal sensitive data and money for financial gain. Microsoft urgently advises quickly identifying any compromised access, detecting unauthorized activity, and immediately changing potentially exposed passwords to prevent further damage from this active, ongoing attack campaign.

(Source: Cyberdaily)


Arcserve Makes Sudden Cloud Services Exit, Leaves MSPs Scrambling


Rather unexpectedly, Arcserve discontinued multiple cloud backup products this week, abruptly leaving their managed service provider partners blindsided with alarmingly less than 6 mere months to scramble and migrate the affected customers. While Arcserve tried justifying this move by discussing strategic business alignments, mounting operational costs, and shifting re-investment priorities, the now frantically scrambling partners feel  quite disappointed and concerned after loyally sticking through previous issues.

(Source: CRN)


VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin


With growing urgency, VMware is strongly advising administrators to promptly uninstall an outdated, vulnerable vSphere authentication plugin rather than attempt patching it, therefore exposing their networks to potential authentication relay and dangerous session hijack attacks in the rather risky interim period. VMware recommends smoothly transitioning towards upgrading to vSphere 8’s more modern, secure access options before the deprecated plugin reaches official end-of-life while still concerningly leaving any remaining vSphere 7 installations vulnerably exposed until 2025 when ongoing support eventually concludes.

(Source: Help Net Security)


First ever iOS trojan discovered — and it’s stealing facial recognition data to break into bank accounts


The very first iOS banking trojan has been spotted, alarmingly showing its capability to use stolen facial recognition data and cunning social engineering tricks to covertly raid financial accounts after deliberately targeting Vietnamese and Thai iPhone users initially. Deceptively leveraging Apple’s own internal testing and device management programs for distribution access footholds, this dangerous trojan could potentially expand attacks to target countless other iPhone and Android users more globally if its initial fraud campaigns manage to succeed and scale up accordingly.

(Source: Tom’s Guide)


Urgent Windows update fixes loads of security flaws including two zero-days — install this patch right now


As part of its most recent, highly important monthly Patch Tuesday updates, Microsoft has urgently addressed an eye-opening 73 total flaws, including two zero-days that were actively being exploited in the wild to allow dangerous remote code injection and alarming security bypass exploits. Users should quickly install these critical Windows and Microsoft Edge security updates promptly to harden their devices before sophisticated hackers can attempt to further leverage these vulnerabilities to stealthily access more compromised systems and sensitive data.

(Source: Tom’s Guide)


Backup and Data Security Solutions


This “white glove” managed service is the next generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need it. Our Data Security Module can perform bi-directional anti-malware scans, content disarm and reconstruction (CDR), and protect your backups with biometric Deep MFA and multi-person workflow, crucial in stopping stolen credential attacks.


Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.


A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches including true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.


World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.


Copyright © 2024 Pantropic Online Pte Ltd. All rights reserved.