
Weekly Digest Week 31 – 2024

Publication date

02.08.2024

Featured Story

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Researchers from the Shadowserver Foundation have reported that approximately 20,000 VMware ESXi servers exposed online are affected by CVE-2024-37085, an authentication bypass vulnerability in VMware ESXi that is being actively exploited. Microsoft has warned that multiple ransomware gangs are exploiting this recently patched vulnerability.

The flaw allows a malicious actor with sufficient Active Directory permissions to gain full access to an ESXi host by recreating the configured AD group after it was deleted from AD.

SOC Analysis:
Any reported ESXi instance should be treated as potentially vulnerable. Broadcom has released a patch for ESXi 8.0 and VMware Cloud Foundation 5.x. A workaround is also available if patching is not immediately possible. Contact us if assistance is needed.
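The two defender-side checks that follow up the advice above are an added example, not code from the digest or from Broadcom or Microsoft. The first audits an exported set of ESXi advanced settings: the setting names and the default "ESX Admins" group name are taken from the public vendor advisories for CVE-2024-37085 (assumed correct here), while the sample values are constructed. The second runs over constructed Windows Security event lines (a hypothetical normalised layout, not a Microsoft format) and raises an alert whenever the group that the host trusts is deleted, created or has a member added, which is the sequence the digest describes.

```python
import re

# Advanced settings named in the vendor advisories for CVE-2024-37085 (assumed
# correct here, not quoted from the digest). By default an AD group called
# "ESX Admins" is auto-granted the Admin role on a domain-joined host, which is
# what makes recreating a deleted group dangerous.
ESX_ADMINS_GROUP = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"
ESX_ADMINS_AUTO_ADD = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
DEFAULT_GROUP = "ESX Admins"


def audit_host_settings(settings):
    """Return findings for one host's exported advanced settings (a dict)."""
    findings = []
    # Missing keys are treated as the (assumed) factory defaults.
    auto_add = str(settings.get(ESX_ADMINS_AUTO_ADD, "true")).lower() == "true"
    group = settings.get(ESX_ADMINS_GROUP, DEFAULT_GROUP)
    if auto_add:
        findings.append(
            f"{ESX_ADMINS_AUTO_ADD} is true: creating an AD group named "
            f"'{group}' would grant its members Admin on this host"
        )
    if group == DEFAULT_GROUP:
        findings.append(f"{ESX_ADMINS_GROUP} still uses the default name '{DEFAULT_GROUP}'")
    return findings


# Constructed log format: one line per Windows Security event, already
# normalised by a log pipeline (hypothetical layout, not a Microsoft format).
EVENT_LINE = re.compile(
    r'^(?P<ts>\S+)\s+EventID=(?P<id>\d+)\s+Group="(?P<group>[^"]+)"\s+Actor=(?P<actor>\S+)$'
)

# Group-management events worth alerting on for the ESXi admin group:
# 4727 = security-enabled global group created, 4728 = member added,
# 4730 = group deleted (a delete followed by a create is the pattern above).
WATCHED_EVENTS = {"4727": "group created", "4728": "member added", "4730": "group deleted"}


def detect_group_events(log_lines, group_name=DEFAULT_GROUP):
    """Return (timestamp, event, actor) for watched events touching group_name."""
    alerts = []
    for line in log_lines:
        m = EVENT_LINE.match(line)
        if not m or m["id"] not in WATCHED_EVENTS:
            continue
        # AD group names are case-insensitive, so compare accordingly.
        if m["group"].lower() == group_name.lower():
            alerts.append((m["ts"], WATCHED_EVENTS[m["id"]], m["actor"]))
    return alerts


# Constructed sample data: one weak and one hardened host, plus a short log.
WEAK_SETTINGS = {ESX_ADMINS_GROUP: "ESX Admins", ESX_ADMINS_AUTO_ADD: "true"}
HARDENED_SETTINGS = {ESX_ADMINS_GROUP: "vSphere-Hypervisor-Admins", ESX_ADMINS_AUTO_ADD: "false"}
SAMPLE_LOG = [
    r'2024-07-29T10:02:11Z EventID=4730 Group="ESX Admins" Actor=CORP\helpdesk',
    r'2024-07-29T10:02:40Z EventID=4727 Group="esx admins" Actor=CORP\svc-build',
    r'2024-07-29T10:02:58Z EventID=4728 Group="esx admins" Actor=CORP\svc-build',
    r'2024-07-29T10:05:01Z EventID=4727 Group="Finance-Printers" Actor=CORP\helpdesk',
    r'2024-07-29T10:06:15Z EventID=4624 Logon=CORP\jdoe',
]

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, audit_host_settings(cfg) or "no findings")
    for alert in detect_group_events(SAMPLE_LOG):
        print("ALERT", *alert)
```

The settings audit only tells you whether a host would honour a recreated group; it is not a substitute for the patch. The log check deliberately matches the group name case-insensitively, because Active Directory does, so a group recreated as "esx admins" is still caught.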

Other Stories

A crafty phishing campaign targets Microsoft OneDrive users

A sophisticated phishing campaign has been targeting Microsoft OneDrive users with HTML files posing as DNS fixes. The campaign uses PowerShell to execute scripts that download and run malicious payloads using AutoIt.

SOC Analysis:
This campaign has not yet reached wide circulation in Europe, but preventive measures like Microsoft Defender for Office 365 can mitigate the threat. If you’d like your Microsoft 365 environment reviewed, reach out to us.

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Threat actors are hijacking social media pages, disguising them as AI photo editors, and pushing malvertising campaigns to distribute malware like Lumma Stealer. The attack relies on phishing, fake software, and credential theft.

SOC Analysis:
Be extremely cautious when downloading unknown software, even from “sponsored” posts. Avoid using personal or work devices to test free tools, and refer to TrendMicro’s IOCs for deeper threat detection.

Sitting Ducks attack technique exposes over a million domains to hijacking

The Sitting Ducks attack exploits DNS misconfigurations to hijack domains without needing access to the owner’s account. Over 1 million domains are exposed daily, making this a significant global threat with observed Russian-linked activity.

SOC Analysis:
Although mainly targeting DNS providers, end users should stay vigilant. Always verify unexpected website behaviors, avoid suspicious links, and navigate directly to known URLs. Report anything suspicious to Safeonweb.
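For teams that own domains, the precondition of the Sitting Ducks technique (a delegation at the parent that points to a nameserver which does not actually serve the zone, a "lame" delegation) can be audited. The script below is an added example, not code from the digest or from the researchers behind the report. The domains, nameservers and probe answers are constructed; a live version would replace `offline_probe` with a SOA query to each delegated server and read the response code and AA flag.

```python
# Delegation as seen at the parent zone (the NS set the registry publishes
# for each domain). Constructed sample for three hypothetical domains.
DELEGATIONS = {
    "shop.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "old-campaign.example": ["ns1.provider-b.example", "ns2.provider-b.example"],
    "mail.example": ["ns1.provider-a.example", "ns1.provider-b.example"],
}

# What each delegated nameserver answered to a SOA query for the zone.
# Constructed: a real probe would send the query and read rcode and AA flag.
PROBE_RESULTS = {
    ("shop.example", "ns1.provider-a.example"): {"rcode": "NOERROR", "aa": True},
    ("shop.example", "ns2.provider-a.example"): {"rcode": "NOERROR", "aa": True},
    ("old-campaign.example", "ns1.provider-b.example"): {"rcode": "REFUSED", "aa": False},
    ("old-campaign.example", "ns2.provider-b.example"): {"rcode": "SERVFAIL", "aa": False},
    ("mail.example", "ns1.provider-a.example"): {"rcode": "NOERROR", "aa": True},
    ("mail.example", "ns1.provider-b.example"): None,  # timed out
}


def offline_probe(domain, ns):
    """Stand-in for a network probe; returns the constructed answer or None."""
    return PROBE_RESULTS.get((domain, ns))


def classify_nameserver(answer):
    """'authoritative' if the server really serves the zone, else 'lame'."""
    if answer is None:
        return "lame"  # no answer at all
    if answer["rcode"] == "NOERROR" and answer["aa"]:
        return "authoritative"
    return "lame"  # REFUSED, SERVFAIL or a non-authoritative answer


def find_lame_delegations(delegations, probe):
    """Return {domain: {"lame": [...], "authoritative": [...], "risk": level}}."""
    report = {}
    for domain, servers in delegations.items():
        status = {"lame": [], "authoritative": []}
        for ns in servers:
            status[classify_nameserver(probe(domain, ns))].append(ns)
        if not status["lame"]:
            risk = "ok"
        elif not status["authoritative"]:
            # No delegated server serves the zone: the classic precondition.
            risk = "high"
        else:
            # Partially lame: some resolvers will still reach the unclaimed server.
            risk = "medium"
        status["risk"] = risk
        report[domain] = status
    return report


if __name__ == "__main__":
    for domain, status in find_lame_delegations(DELEGATIONS, offline_probe).items():
        print(f"{domain}: {status['risk']} (lame: {', '.join(status['lame']) or 'none'})")
```

A lame delegation alone does not make a domain hijackable; the technique also needs a provider that lets a new account claim the unconfigured zone. The check is still the right first filter: any domain reported as "high" or "medium" should have its NS records corrected or the zone set up at the provider.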

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.
