The Threat Show

The Threat Show Ep. 18

Welcome to The Threat Show powered by Fletch! This week Chris Wilder and Darien Kindlund break down the state of the threat landscape in early 2023, as well as five major threats you need to know about, from a new Apple zero-day vulnerability to a ransomware threat that goes after your insurance details to set the perfect price.

Threat Landscape    (00:56)

Darien Kindlund and Chris Wilder break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

ESXi Ransomware Updates Counter Recovery Script; Killnet Targets Airports and Hospitals    (03:13)

VMware ESXi servers were the recent target of ransomware attacks, but a flaw in the malware allowed the Cybersecurity & Infrastructure Security Agency (CISA) to release recovery tools that made it possible to recover your data. Unfortunately, the attackers have adapted to counter the recovery script, so if you haven’t patched yet and you’re compromised, the chances of recovering your data are next to zero.

Apple and DHS Warn of Zero-day Spyware Implant Bug Affecting iPhones    (04:44)

Apple users have been warned by the Department of Homeland Security about a previously fixed vulnerability that is now being used and abused by multiple spyware operators. It took about a week or less before this was operationalized.

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, and FortiProxy    (06:19)

Fortinet has issued patches for 40 different vulnerabilities across their entire suite of products. Some are very serious, with at least one allowing remote code execution.

Firefox Updates Patch 10 High-Severity Vulnerabilities    (08:50)

Mozilla has announced several high-severity vulnerabilities within Firefox’s ecosystem. These vulnerabilities empower attackers to easily fake trusted websites. If you’re a Firefox shop and an attacker wants to steal sensitive data from your employees, they can ship weaponized links that look and feel legitimate to users, but entering credentials on them hands the bad actor the keys to the kingdom.

HardBit ransomware wants insurance details to set the perfect price    (10:09)

HardBit is a different kind of ransomware group; when they compromise victims they also want details of the user’s cybersecurity insurance policy so they can set the perfect price for the ransom. Some insurance policies state that if you’re a victim and you disclose policy details to an attacker, the policy becomes null and void.