The Threat Show

The Threat Show Ep. 16 w/ Patrick Pocalyko

Welcome to The Threat Show powered by Fletch! This week we're joined by Patrick Pocalyko, the EVP/GM of North America at CYREBRO, a SOC platform that offers incident response and threat hunting services to clients in order to protect their businesses from costly disruptions to business operations. Patrick talks about why SMEs should hire a SOC provider, how to spot the threats that actually matter to your business, and much more.

We also discuss four major threats you need to know about.  

VMware warns of ransomware attacks on unpatched ESXi hypervisors (02:14)

VMware ESXi, a virtual machine hosting platform, has been a target of ransomware attacks, even though a patch was released about 6 months ago. Unfortunately, many small/medium-sized businesses may not have applied this fix, so if your ESXi server has been exposed to the internet without being patched, you could be affected by several types of ransomware.

ESXiArgs Ransomware Virtual Machine Recovery Guidance (03:28)

The ESXi ransomware operators haven't been fully successful in their campaign, to the point that CISA has released a recovery tool that can undo some of the damage if you have been compromised.

Threat group targets over 1,000 companies with screenshotting and infostealing malware (06:13)

The Screentime threat group has attacked over 1,000 organizations with weaponized links/attachments sent by email that compromise systems. Rather than stealing data and files outright, they review screenshots of compromised systems and, once they find sensitive information, deliver second-stage malware.

OneNote Malware: Classification and Personal Notes (12:00)

Bad actors are getting around the protections against one-click-to-compromise attacks by using malicious OneNote attachments in phishing emails. If you're on a Windows system with Office installed, you have OneNote even if you don't use it.

OpenSSL Ships Patch for High-Severity Flaws (17:09)

A number of high-severity bugs have been found in OpenSSL, and if you've built OpenSSL into an app and configured it to check for revoked certificates in non-standard ways, you could be exposed to a vulnerability. Attackers could potentially read information that OpenSSL had previously protected with encryption.