- FBI and FinCEN Release Advisory on AvosLocker Ransomware
- CISA Adds 66 Known Exploited Vulnerabilities to Catalog
- VMware Releases Security Updates
_______________________________
FBI and FinCEN Release Advisory on AvosLocker Ransomware
Situation
The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware.
Problem
AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors.
Multiple victims have reported on-premises Microsoft Exchange Server vulnerabilities as the likely intrusion vector.
Implication
An attacker could exploit these vulnerabilities to deploy ransomware in the target environment.
Need
Review the joint advisory for IOCs and mitigation tactics.
For a more technical description:
https://www.ic3.gov/Media/News/2022/220318.pdf
________________________________
CISA Adds 66 Known Exploited Vulnerabilities to Catalog
Situation
CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Problem
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
Implication
An attacker could exploit these vulnerabilities to take control of the affected system.
Need
Review the CISA catalog.
For a brief description:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
________________________________
VMware Releases Security Updates
Situation
VMware has released security updates to address multiple vulnerabilities in VMware “Carbon Black App Control” software.
Problem
VMware “Carbon Black App Control” contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
Implication
A remote attacker could exploit these vulnerabilities to take control of an affected system.
Need
Review the “VMware Security Advisory” and apply the necessary updates.
VMware Security Advisory:
https://www.vmware.com/security/advisories/VMSA-2022-0008.html
For a brief description:
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/vmware-releases-security-updates