Health

A Woman Says She Was Denied Prenatal Care For Being Unmarried

A pregnant woman in Tennessee said her doctor declined to treat her because she’s unmarried, citing a newly enacted state law that broadly allows health care providers to refuse to perform or pay for a service if it goes against their religious or ethical beliefs. At a town hall earlier this month, the 35-year-old woman...

Fashion

Preço de corridas por app dispara e sobe 44% em 12 meses no Brasil

Motoristas reclamam que repasses não acompanham a alta e passageiros já evitam usar o serviço Motorista de aplicativo em corrida (Foto: Henrique Kawaminami) As corridas por aplicativo acumulam alta de 44,49% nos últimos 12 meses no Brasil, segundo o IPCA (Índice Nacional de Preços ao Consumidor Amplo), do IBGE. A inflação do setor acelerou com...

Science & Technology

Steadfast lifestyle changes seem best to improve cognitive decline

Regular exercise could help keep us sharp YOSHIKAZU TSUNO/AFP via Getty Images A structured course of exercise, diet, cognitive challenges and social engagement seems to be particularly effective at warding off cognitive decline, compared with more relaxed self-guided efforts. The brain’s capacity to remember, use language and solve problems tends to decline with age, often...

Technology

Scattered Spider hackers are targeting US critical infrastructure via VMware attacks

americalatinanews.com6 hours ago04 mins

Google warns of ScatteredSpider’s advanced social engineering tactics
The hackers gain privileged access and use it to deploy ransomware
The group targets critical infrastructure, retail, airline, and other industries

The infamous ScatteredSpider ransomware group is using VMware instances to target critical infrastructure organizations in the US, researchers have warned.

Security researchers from Google Threat Intelligence Group (GITG) have found the criminals are targeting critical infrastructure firms, but also retail, airline, and insurance industries.

The campaign is described as “sophisticated and aggressive”, split into multiple phases that last no longer than a couple of hours, the experts warn.

On the hunt for vCSA

In the campaign, the hackers do not exploit any vulnerabilities, but instead go for “aggressive, creative, and particularly skilled” social engineering. They first reach out to their victim’s IT desk, impersonating an employee, and asking for a reset on the employee’s Active Directory account.

After gaining the initial foothold, they would scan the network to identify high-value targets, such as domain names, VMware vSphere admins, and other security departments that can grant them admin access into the virtual environment.

Then, they would reach out to IT again, this time posing as a more privileged user, again asking for a password reset – but for an account with higher privileges.

From there, they look to access the VMware vCenter Server Appliance (vCSA), a preconfigured Linux-based virtual machine that provides centralized management for VMware vSphere environments, including the ESXi hypervisor.

This, in turn, allows them to enable SSH connections on ESXi hosts, resetting root passwords.

From this point on, it is all about identifying and exfiltrating sensitive information, in preparation for the deployment of an encryptor. Locking down the entire network is the final stage of the attack, after which the victims are pressured into paying a ransom demand.

GTIG says that the entire attack happens quickly, going from initial access to ransomware deployment in “mere hours”, warning companies to tighten up on their security across the board, and to use phishing-resistant MFA.

Via BleepingComputer

Source link

Leave a Reply Cancel reply

Related News