We're back with our weekly security update! Going into 2022, we're working to make 7 Second Security your must-check resource for staying up-to-date on security events in a weekly recap.
Using VMware’s Cloud Foundation, ESXi, Fusion or Workstation?
Do this: Apply the latest VMware security patches now.
Why: A malicious actor with access to a virtual machine can exploit a vulnerability in the CD-ROM device emulation functionality, in conjunction with other issues, to execute code on the hypervisor.
Additional Info: https://threatpost.com/unpatched-vmware-bug-hypervisor-takeover/177428/
Using Norton360 Antivirus?
Do this: Be aware that the product contains a crypto miner that you can enable on your machine, for a 15% fee to Norton (of course).
Why: Cryptomining is extrememly intensive on computer hardware and could lead to premature hardware failure. In addition, there are security risks associated with cryptomining and scams for users that aren't familiar with how digital coins work. Moreover, with this feature, some users have reported difficulty turning it off, once it has been enabled.
Additional Info: More info... https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.