The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Botnets, Conti Ransomware, Disinformation, Internet of things, Phishing, VMware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
(published: May 20, 2022)
In April 2022, VMware publicly revealed several vulnerabilities affecting its products, and by May 2022 Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to mitigate two of the VMware vulnerabilities (CVE-2022-22954 and CVE-2022-22960). CVE-2022-22954 is a remote code execution (RCE) vulnerability using server-side template injection to target VMware Workspace ONE Access and Identity Manager. It can be easily exploited with a single HTTP request to a vulnerable device and was seen delivering various payloads including coinminers, Perl Shellbots, Scanning/Callbacks, and Webshells. CVE-2022-22954 is also being exploited to drop variants of the Mirai/Gafgyt, and in the case of the observed Enemybot variant, final payloads themselves embed CVE-2022-22954 exploits for further exploitation and propagation.Analyst Comment: Update impacted VMware products to the latest version or remove impacted versions from organizational networks. If a compromise is detected, immediately isolate affected systems, collect relevant logs and artifacts, and consider incident response services.MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing ..
Support the originator by clicking the read the rest link below.
