SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: The BlackCat ransomware group becomes one of the most widely spread families
Description: Threat actors are continually deploying the BlackCat ransomware, raising it up the ranks of the most-used ransomware-as-a-service families. Security researchers have seen different threat groups deploy BlackCat, sometimes after using Mimikatz as the initial infection vector and a credential dumper. Microsoft recently found that two of the most prolific ransomware groups switched away from other families like Conti in favor of BlackCat. BlackCat has been spotted being deployed in regions across the globe, including Africa, North America, South America, Asia and Europe. Microsoft also warned that attackers most often target unpatched Microsoft Exchange Server instances with widely known vulnerabilities.
References: https://duo.com/decipher/prolific-affiliate-threat-groups-linked-to-blackcat-ransomware
Title: Cisco patches critical, high-severity vulnerabilities in Email Security Appliance, home routers
Description: Cisco patched several significant vulnerabilities last week, including some in end-of-life routers it will not fix. One critical vulnerability exists in the Email Security Appliance, Secure Email and Web Manager software. Any virtual or hardware appliances running a vulnerable version of AsyncOS are affected by this vulnerability, potentially allowing attackers to bypass security protections in place on the machine. There is also a fix out for a high-severity issue in the same products that could allow an adversary to obtain information from an LDAP external authentication server connected to the vulnerable appliance. Another issue, CVE-2022-20825, could allow an unauthenticated attacker to execute remote code on several models of Cisco’s RV series of routers. However, those devices have reached their end-of-life period and the vulnerability will not be patched.
References: https://www.securityweek.com/cisco-patches-critical-vulnerability-email-security-appliance