SECURITY ALERT: Apache Log4j “Log4Shell” Remote Code Execution 0-Day Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

SUMMARY

Updated on 12/29/2021 @ 2:00PM GMT with updated information about Trend Micro Log4Shell Vulnerability Assessment Tool and new CVE-2021-44832.

Jump directly to information on affected/not-affected Trend Micro Products

On December 9, 2021, a new critical 0-day vulnerability impacting multiple versions of the popular Apache Log4j 2  logging library was publicly disclosed that, if exploited, could result in  Remote Code Execution (RCE) by logging a certain string on affected installations.  

This specific vulnerability has been assigned CVE-2021-44228 and is also being commonly referred to as “Log4Shell” in various blogs and reports.  Versions of the library said to be affected are versions 2.0-beta 9 to 2.14.1.https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/.

On December 14, 2021, information about a related vulnerability CVE-2021-45046 was released that recommended that users upgrade to at least version 2.16.0+ of Log4j 2.

Based on our analysis, the rules and protections listed below for CVE-2021-44228 are also effective against CVE-2021-45046.

On December 18, 2021, information about a potential “3rd wave” and version 2.17.0 has been released and assigned CVE-2021-45105.  Information about protection is below and ZDI has a technical blog about it here:  https://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor . 

On December 28th, yet another RCE (CVE-2021-44832) was discovered and disclosed.  Although not as critical as the initial vulnerabilities (CVSS 6.6), it is still recommended that administrators do their due diligence to update to the latest version available (2.17.1).

Background

Log4j is an open-open source, Java-based logging utility that is widely deployed and used across a variety of enterprise applications, including many cloud services that utilize Apache web servers.  

The vulnerability (assigned as CVE-2021-44228) is a Java Naming and Directory InterfaceTM (JNDI) injection vulnerability in the affected versions of Log4j listed above.  It can be triggered when a system using an affected version of Log4j 2 includes untrusted data in the logged message – which if this data includes a crafted malicious payload, a JNDI lookup is made to a malicious server.  Depending on the information sent back (response) a malicious Java object may be loaded, which could eventually lead to RCE.  In addition, attackers who can control log messages or their parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. 

The challenge with this vulnerability is widespread use of this particular logging utility in many enterprise and cloud applications.  JDNI lookups support multiple protocols, but based on analysis so far, exploitability depends on the Java versions and configurations.  From a practical standpoint, just because a server has implemented an affected version of Log4j 2, it does not automatically mean it is vulnerable depending on its configuration.

Trend Micro Research is continuing to analyze this vulnerability and its exploits and will update this article as more information becomes available.  A comprehensive blog with more background information can be found here .DETAILS

Protection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor’s patches when they become available.

A new version of Log4j 2 has been released which reportedly resolves the issue:  Version 2.17.1 is now availableand is the suggested update.   Users with affected installations should consider updating this library at the earliest possible time.

Note:  due to additional waves of new exploits, the previous manual mitigation steps published have proven not to be sufficient and have been removed.

Trend Micro Protection and Investigation

In addition to the vendor patch(s) that should be applied, Trend Micro has released some supplementary rules, filters and detection protection that may help provide additional protection and detection of malicious components associated with this attack servers that have not already been compromised or against further attempted attacks.

The following demo video highlights ways in which Trend Micro can help customers discover, detect and provide protection:  https://www.youtube.com/watch?v=r_IggE3te6s.

Using Trend Micro Products for Investigation

Trend Micro Log4j Vulnerability ScannerTrend Micro Research has created a quick web-based scanning tool that can help users and administrators identify server applications that may be affected but the Log4Shell vulnerability.The tool can be found at: https://log4j-tester.trendmicro.com/ and a demo video can be found at: https://youtu.be/7uix6nDoLBs.

Trend Micro Log4Shell Vulnerability Assessment ToolTrend Micro also has created a free assessment tool that can quickly identify endpoints and server applications that may have Log4j using the power of Trend Micro Vision One.This quick and easy self-serve security assessment tool leverages complimentary access to the Trend Micro Vision One threat defense platform, so you can identify endpoints and server applications that may be affected by Log4Shell. The assessment instantly provides a detailed view of your attack surface and shares next steps to mitigate risks.

The free assessment tool can be found at: https://resources.trendmicro.com/Log4Shell-Vulnerability-Assessment.html .

Please note, if you are already a Trend Micro Vision One customer, you do not need to complete the form. Simply log into your console and you will be provided instructions to complete the assessment of your exposure.

Trend Micro Vision One™

Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Apex One. In addition, depending on their data collection time range, Trend Micro Vision One customers may be able to sweep for IOCs retrospectively to identify if there was potential activity in this range to help in investigation.

Vision One Threat Intelligence Sweeping

Indicators for exploits associated with this vulnerability are now included in the Threat Intelligence Sweeping function of Trend Micro Vision One. Customers who have this enabled will now have the presence of the IOCs related to these threats added to their daily telemetry scans.  

The first sweep, “Vulnerable version of log4j….” is slightly different than the others in that instead of specific IOCs, it is looking for specific instances of log4j libraries on systems which can help a customer narrow down or give additional insights on potentially vulnerable systems.

The results of the intelligence scans will populate in the WorkBench section of Vision One (as well as the sweep history of each unfolded threat intelligence report).

image.png

Please note that customers may also manually initiate a scan at any time by clicking the 3 dots at the right of a rule and selecting the “Start Sweeping” option.

Vision One Search Queries for Deep Security Deep Packet Inspection

Customers who have Trend Micro Cloud One – Workload Security or Deep Security may utilize the following search query to identify hosts and then additional queries can be made with a narrowed timeframe on those hosts as additional information is learned about exploits.

eventName:DEEP_PACKET_INSPECTION_EVENT AND (ruleId:1008610 OR ruleId:1011242 OR ruleId:1005177) AND ("${" AND ("lower:" OR "upper:" OR "sys:" OR "env:" OR "java:" OR "jndi:"))

image

Trend Micro Cloud One™ – Conformity

Trend Micro Cloud One – Conformity allows gives customers central visibility and real-time monitoring of their cloud infrastructure by enabling administrators to auto-check against nearly 1000 cloud service configuration best practices across 90+ services and avoid cloud service misconfigurations. 

The following rules are available to all Trend Micro Cloud One – Conformity customers that may help provide more insight to customers looking to isolate affected machines (more information can be found here for rule configuration):

  • Lambda-001 :  identifies all Lambdas that are running Java which may be vulnerable.

Graphical user interface, text, application, email  Description automatically generated

Graphical user interface, text, application, email  Description automatically generated

Preventative Rules, Filters & Detection

A demo video of how Trend Micro Cloud One can help with this vulnerability can be found at: https://youtu.be/CorEsXv3Trc.

Trend Micro Cloud One – Workload Security and Deep Security IPS Rules

  • Rule 1011242 – Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

This rule is recommended by default, and please note that the port lists may need to be updated for applications running on non-default ports.

  • Rule 1005177 – Restrict Java Bytecode File (Jar/Class) Download
  • Rule 1008610 – Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request

Rule 1008610 is a SMART rule that can be manually assigned to assist in protection/detection against suspicious activity that may be associated with this threat.  This is not a comprehensive replacement for the vendor’s patch.
 
Please also note that rule 1008610 is shipped in DETECT, and must be manually changed to PREVENT if the administrator wishes to apply this.  Also, please be aware that due to the nature of this rule, there may be False Positives in certain environments, so environment-specific testing is recommended. 

  • Rule 1011249 – Apache Log4j Denial of Service Vulnerability (protects against CVE-2021-45105)

Trend Micro Cloud One – Workload Security and Deep Security Log Inspection

  • LI Rule 1011241 – Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • A custom LI rule can also be created to detect patterns as discovered in the future.  More information can be found here.

Trend Micro Apex One Integrated Vulnerability Protection (iVP) Rules

  • Rule 1011242 – Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • Rule 1011249 – Apache Log4j Denial of Service Vulnerability (protects against CVE-2021-45105)

Trend Micro Deep Discovery Inspector (DDI) Rules

  • Rule 4280:  HTTP_POSSIBLE_USERAGENT_RCE_EXPLOIT_REQUEST
  • Rule 4641 : CVE-2021-44228 – OGNL EXPLOIT – HTTP(REQUEST)
  • Rule 4642 : POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT – HTTP(REQUEST)
  • Rule 4643:  POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT – HTTP (REQUEST) – Variant 2

Trend Micro Cloud One – Network Security and TippingPoint Recommended Actions

  • Filter 40627 : HTTP: JNDI Injection in HTTP Header or URI

This was released in Digital Vaccine #9621 and has replaced CSW C1000001 that was previously released.

Trend Micro recommends customers enable this filter in a block and notify posture for optimal coverage. Starting with Digital Vaccines released on 12/21/2021, it will be enabled by default. Since it may not be enabled in your environment, Trend Micro strongly recommends you confirm the filter is enabled in your policy.  

  • Filter 40652: HTTP: Apache Log4j StrSubstitutor Denial-of-Service Vulnerability (ZDI-21-1541)
    • Covers CVE-2021-45105


What other controls can be used to disrupt the attack?

This attack is successful when the exploit is used to initiate a transfer of a malicious attack payload.  In addition to the filter above, these techniques can help disrupt that chain:

  • Geolocation filtering can be used to reduce possible attack vectors. Geolocation filtering can block inbound and outbound connections to any specified country, which may limit the ability for attackers to exploit the environment. In cases where a business only operates in certain regions of the globe, proactively blocking other countries may be advisable.
  • For TippingPoint IPS, TPS, and vTPS products
    Trend Micro also recommends enabling DNS and URL reputation as a proactive means of securing an environment from this vulnerability. Leveraging Trend Micro’s rapidly evolving threat intelligence, TippingPoint appliances can help disrupt the chain of attack destined to known malicious hosts.

    Additionally, Reputation filtering can be leveraged to block Anonymous proxies that are commonly used in exploit attempts. Any inbound or outbound connections to/from an anonymous proxy or anonymizer service can be blocked by configuring a reputation filter with “Reputation DV Exploit Type” set to “Tor Exit” to a Block action.
  • For Cloud One – Network Security
    Anonymous proxies are also an independent, configurable “region” that can be selected as part of Geolocation filtering. This will block any inbound or outbound connection to/from an anonymous proxy or anonymizer service, which can be commonly used as part of exploit attempts.

    Domain filtering can also be used to limit the attack vectors and disrupt the attack chain used to exploit this vulnerability. In this case, any outbound connection over TCP is dropped unless the domain being accessed is on a permit list. If the attacker’s domain, e.g. http://attacker.com, is not on the permit list, then it would be blocked by default, regardless of IPS filter policy.



Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)

  • Web Reputation (WRS):  Trend Micro has added over 1700 URLs (and growing) to its WRS database to block that are linked to malicious reporting and communication vectors associated with observed exploits against this vulnerability.
  • Ransomware Detection – there have been observations about a major ransomware campaign (Khonsari) being utilized in attacks and Trend Micro detects components related to this as Ransom.MSIL.KHONSARI.YXBLN.
  • VSAPI (Pattern) Detections:  the following detections have been released in the latest OPR for malicious code associated with exploits –
    • Trojan.Linux.MIRAI.SEMR
    • HS_MIRAI.SMF
    • HS_MIRAI.SME
    • Trojan.SH.CVE20207961.SM
    • Backdoor.Linux.MIRAI.SEMR
    • Trojan.SH.MIRAI.MKF
    • Coinminer.Linux.KINSING.D
    • Trojan.FRS.VSNTLB21
    • Trojan.SH.MALXMR.UWELI
    • Backdoor.SH.KIRABASH.YXBLL
    • Backdoor.Linux.MIRAI.SMMR1
    • Coinminer.SH.MALXMR.UWEKG
    • Coinminer.Linux.MALXMR.SMDSL64
    • Backdoor.Linux.GAFGYT.SMMR3
    • Coinminer.Win64.MALXMR.TIAOODGY
    • Rootkit.Linux.PROCHID.B
    • ELF_SETAG.SM
    • Backdoor.Linux.TSUNAMI.AMZ
    • Coinminer.PS1.MALXMR.PFAIQ
    • Trojan.SH.TSUNAMI.A
    • Trojan.PS1.METERPRETER.E
    • Coinminer.Linux.MALXRMR.PUWENN

Trend Micro Cloud One – Application Security

Trend Micro Cloud One – Application Security can monitor a running application and stop unexpected shell commands from executing.   The product’s RCE configuration can be adjusted to help protect against certain exploits associated with this vulnerability using the following steps:

  1. Log into Trend Micro Cloud One and navigate to Application Security.
  2. Select “Group;s Policy” in the left-hand menu and find your application’s Group.
  3. Enable “Remote Command Execution” if not already enabled.
  4. Click the hamburger icon for “Configure Policy” and then click the ” < INSERT RULE > ” icon.
  5. Input (?s).* in the “Enter a pattern to match” field and hit “Submit” and “Save Changes.”
  6. Double-check that “Mitigate” is selected in your “Remote Command Execution” line item.

Trend Micro Cloud One – Open Source Security by Snyk

Trend Micro Cloud One – Open Source Security by Snyk can identify vulnerable versions of the log4j library across all organization source code repositories with very little integration effort.  Once installed, it can also monitor progress on updating to non-vulnerable versions.




TXOne Preventative Rules for Edge Series Products

Several rules for the TXOne Edge Series of products can be found here: https://www.txone-networks.com/blog/content/critical-log4shell-vulnerability .


Trend Micro is continuing to actively research the potential exploits and behavior around this vulnerability and is actively looking for malicious code that may be associated with any exploit attempts against the vulnerability and will be adding additional detection and/or protection as they become available.

Impact on Trend Micro Products

Trend Micro is currently doing a product/service-wide assessment to see if any products or services may be affected by this vulnerability.  Products will be added to the lists below as they are validated.

Products Confirmed Not Affected (Including SaaS Solutions that have been patched):

 

5G Mobile Network SecurityNot Affected
ActiveUpdateNot Affected
Apex Central (including as a Service)Not Affected
Apex One (all versions including SaaS, Mac, and Edge Relay))Not Affected
Cloud App SecurityResolved / Not Affected
Cloud EdgeNot Affected
Cloud One – Application SecurityNot Affected
Cloud One – Common ServicesNot Affected
Cloud One – ConformityNot Affected
Cloud One – Container SecurityNot Affected
Cloud One – File Storage SecurityNot Affected
Cloud One – Network SecurityNot Affected
Cloud One – Workload SecurityNot Affected
Cloud SandboxNot Affected
Deep Discovery AnalyzerNot Affected
Deep Discovery Email InspectorNot Affected
Deep Discovery InspectorNot Affected
Deep Discovery Web InspectorNot Affected
Deep SecurityNot Affected
Endpoint EncryptionNot Affected
FraudbusterNot Affected
Home Network SecurityNot Affected
HousecallNot Affected
Instant Messaging SecurityNot Affected
Internet Security for Mac (Consumer)Not Affected
Interscan Messaging SecurityNot Affected
Interscan Messaging Security Virtual Appliance (IMSVA)Not Affected
Interscan Web Security SuiteNot Affected
Interscan Web Security Virtual Appliance (IWSVA)Not Affected
Mobile Secuirty for EnterpriseNot Affected
Mobile Security for AndroidNot Affected
Mobile Security for iOSNot Affected
MyAccount (Consumer Sign-on)Not Affected
Network ViruswallNot Affected
OfficeScanNot Affected
Password ManagerNot Affected
Phish InsightNot Affected
Policy ManagerNot Affected
Portable SecurityNot Affected
PortalProtectNot Affected
Public Wifi Protection / VPN Proxy One ProNot Affected
Rescue DiskNot Affected
Rootkit BusterNot Affected
Safe Lock (TXOne Edition)Not Affected
Safe Lock 2.0Not Affected
Sandbox as a ServiceResolved / Not Affected
ScanMail for ExchangeNot Affected
ScanMail for IBM DominoNot Affected
Security for NASNot Affected
ServerProtect (all versions)Not Affected
Smart Home NetworkNot Affected
Smart Protection CompleteNot Affected
Smart Protection for EndpointsNot Affected
Smart Protection Server (SPS)Not Affected
TippingPoint AccessoriesNot Affected
TippingPoint IPS (N-, NX- and S-series)Not Affected
TippingPoint Network Protection (AWS & Azure)Not Affected
TippingPoint SMSNot Affected
TippingPoint Threat Management Center (TMC)Resolved / Not Affected
TippingPoint ThreatDVNot Affected
TippingPoint TPSNot Affected
TippingPoint TX-SeriesNot Affected
TippingPoint Virtual SMSNot Affected
TippingPoint Virtual TPSNot Affected
TMUSBNot Affected
Trend Micro Email Security & HESResolved / Not Affected
Trend Micro Endpoint SensorNot Affected
Trend Micro ID SecurityNot Affected
Trend Micro Remote ManagerNot Affected
Trend Micro Security (Consumer)Not Affected
Trend Micro Virtual Patch for EndpointNot Affected
Trend Micro Web SecurityResolved / Not Affected
TXOne (Edge Series)Not Affected
TXOne (Stellar Series)Not Affected
Vision OneResolved / Not Affected
Worry-Free Business Security (on-prem)Not Affected
Worry-Free Business Security ServicesNot Affected

Affected Products:

Deep Discovery DirectorAffectedPlease click here for more info

References

What is a Keylogger and How to Detect One

What is a keylogger?

A keylogger, which is also known as a keystroke logger or a keyboard capturer, is a piece of software or hardware developed to monitor and record everything you type on a keyboard. In this article, we dive into everything you need to know about them and teach you how to protect yourself from them!

Is a keystroke logger a virus?

It depends. Keyloggers were designed for legitimate purposes. They were originally used for computer troubleshooting, employee activity monitoring, and as a way to discover how users interact with programs so their user experience could be enhanced. However, they’ve since been used by hackers and criminals as a tool for stealing sensitive data such as usernames, passwords, bank account information, and other confidential information.

Generally, a keylogger is insidiously installed alongside an otherwise legitimate program. As a result, users are almost always unaware that their keystrokes a being monitored. Oftentimes, when a user’s computer is infected with a keylogger trojan, the malicious software will keep track of their keystrokes and save the information to their computer’s local drive. Later the hacker will retrieve the stored data. For this reason, keyloggers pose a serious threat to computer security and data privacy.

Keyloggers are separated into the following categories, based on how they work:

API-based

These keyloggers Application programming interfaces (APIs) allow software to communicate with hardware. API-based keyloggers intercept every keyboard input sent to the program you’re typing into.. This type of keylogger registers keystroke events as if it was a normal aspect of the application instead of malware. Each time a user presses or releases a key it is recorded.

Form grabbing-based

Form grabbing-based keyloggers log web form submissions by recording the inputted data when they are submitted. When a user submits a completed form, usually by clicking a button or pressing enter, their data is recorded even before it is passed over the Internet.

Kernel-based

These keyloggers work their way into a system’s core, allowing them access to admin-level permissions. These loggers have unrestricted access to everything entered into a computer system.

Javascript-based

A malicious script tag is injected into a targeted web page and it listens for keyboard events. Scripts can be injected using a variety of methods, including cross-site scripting, man-in-the-browser, and man-in-the-middle attacks, or when a website’s security is compromised.

How do keyloggers get on computers?

Most of the time, they infect computers with outdated antivirus software and ones without any antivirus software at all.

There are several scenarios that you need to be aware of:

  1. Keyloggers can be installed through web page scripts. Hackers utilize web browser vulnerabilities and embed malicious code on a webpage that silently executes the installation or data hijacking.
  2. Phishing. Keyloggers can be installed after users click on a nefarious link or open a malicious attachment in a phishing email.
  3. Social engineering. Some criminals use psychological manipulation to fool unsuspecting people into installing a keylogger by invoking urgency, fear, or anxiety in them.
  4. Unidentified software downloaded from the internet. Sometimes cracked software or applications from unidentified developers will secretly install a keylogger on a computer system.

How to detect a keylogger on my computer?

At this point, you might be interested in learning how you can detect a keylogger on your computer. The truth is, keyloggers are not easy to detect without the help of security software. Running a virus scan is necessary to detect them.

Trend Micro Housecall is an online security scanner that detects and removes viruses, worms, spyware, and other malicious threats such as keyloggers for free.

Keylogger_HouseCall

How to prevent keystroke logging malware?

Keyloggers are dangerous. Preventing them from ever being installed on your computer is a top priority. It is necessary to be proactive in protecting your computer to ensure that your data doesn’t get stolen.

Here are several tips to follow:

  • Carefully inspect user agreements for software before agreeing to them. There should always be a section covering how your data is used.
  • Install a trusted antivirus app such as TrendMicro Maximum Security. Always keep your antivirus on and regularly run scheduled scans of your device.
  • Make sure your security software is up to date.
  • Make sure your operating system is up to date and all the security patches are installed.
  • Avoid visiting suspicious websites and don’t click on any unusual links or e-mail attachments from unknown senders.
  • Only download and install software from trusted developers and sources.

    Source :
    https://news.trendmicro.com/2021/12/28/what-is-a-keylogger-and-how-to-detect-one/

10 Tips for a Safe and Happy Holiday

They’re not interested in peace on earth, a hippopotamus or their two front teeth. You won’t find them decking the halls, dashing through the snow or even up on the housetop. But that doesn’t mean cybercriminals aren’t out in force this time of year — and they’re relying on you being too wrapped up in your holiday preparations to see them coming.

They’re successful far too often: The last quarter of 2020 saw by far the most ransomware, with attacks in November reaching an all-time high in an already record-breaking year. If 2021 follows suit, this could be the worst holiday season for ransomware SonicWall has ever recorded — but fortunately, there are many things you can do to minimize your risk:

It’s the Most Wander-ful Time of the Year: Travel Tips

Roughly 63% of American adults plan to travel for the holidays this year — a nearly 40% jump over last year, and within 5% of 2019 levels. While it’s easy to become preoccupied by traffic jams, flight delays and severe weather, don’t forget that attackers love to leverage this sort of chaos. Follow these five travel best practices to keep cybercriminals grounded this holiday season.

1. Free Wi-Fi =/= Risk-Free Wi-Fi

When you stop for a coffee during your layover, or stumble into a greasy spoon on hour nine of your road trip back home, you might be tempted to log on to the free Wi-Fi. But unless your organization has implemented zero-trust security, beware. Try bringing a novel and coloring books to keep everyone occupied on the road, and if you must connect, use a VPN to access employer networks and avoid logging in to your bank, email or other sensitive accounts. Because some devices may try to connect to these networks automatically, you may need to disable auto-connect to fully protect against man-in-the-middle and other attacks.

2. Put Your Devices on Lockdown

Due to border restrictions finally beginning to ease in countries such as CanadaAustraliaIndia and South Korea, and the United States, international travel is expected to be robust. In the U.S., roughly 2 million travelers are expected to pass through airports each day over the Christmas holiday. In crowds like this, it’s easy for a device to be misplaced, left behind or stolen. To limit potential damage from smartphones, laptops, tablets, etc. falling into the wrong hands, ensure they’re protected with facial recognition, fingerprint ID or a PIN. (This doesn’t just protect against data theft, it can also help combat regular theft: One study found that locked devices were three times more likely to be returned to their owners.)

3. Don’t Let Criminals Track You

Nearly 43% of Americans and 42% of Brits feel more comfortable traveling this year — but this doesn’t mean they should be comfortable with everyone knowing they’re traveling. Any location data you share on social media can be tempting to those wanting to break into homes or hotel rooms — whether to steal and exfiltrate data, or steal gaming consoles, jewelry, medications or even gifts under the tree.

4. Use Only Your Own Cords/Power Adapters

In our mobile-dependent society, it’s no surprise that cybercriminals have learned how to install malware in airport kiosks, USB charging stations and more. And while that “forgotten” iPhone charge cable might look tempting when your device is running on empty, even those can harbor malware. If you can’t find a secure charging area, ensure your device is powered off before plugging it in.

‘Tis the Season for Giving: Online Safety Tips

Even if you’re not traveling this year, chances are you’re buying gifts. While supply-chain challenges, pandemic considerations and more have made for a unique holiday shopping season, it’s important to put safety first when shopping online. Here are six things to look out for:

1. Holiday Phishing Emails

Perhaps you’ve received an invite to the Jones’ holiday party, a gift card or coupon, or an email from HR with details of an unexpected holiday bonus. If there’s an attachment, exercise extreme caution: It may harbor malware.

2. Spoofed Websites

Unfortunately for your wallet, emails boasting huge discounts at popular retailers are likely bogus. Walmart isn’t offering 70% off, and nobody is selling PlayStations for $100, not even during the holidays. If you enter your info into one of these lookalike retail (or charity) sites, the only thing you’re likely to get is your credentials stolen.

3. Fake Shipping Invoices

You’ve finished your shopping, and your gifts are on their way! But now FedEx is emailing to say your packages may not arrive in time and referring you to updated tracking information. Or your retailer is sending you a shipping label for returns, or verifying your gifts are being sent … to a completely different address. Look closely before you click: These emails usually aren’t from who they say they are.

4. Counterfeit Apps

Is that really the Target app or just a lookalike? Better double-check before you download and enter your payment information. Apple’s App Store and Google Play have safeguards in place to stop counterfeit apps, but some still occasionally get through.

5. Gift Card Scams

These originally took the form of “You’ve won a free gift card! Click here to claim!” In recent years, however, they’ve become more targeted, and may appear to offer gift cards as a bonus from your employer or a holiday gift from a friend. The easiest way to avoid being scammed? If you weren’t expecting a gift card from someone, ask them about it.

6. Santa’s Little Helpers

There are many services designed to send your child a letter from Santa for a small fee. But many times, these so-called “Santas” are really cybercriminals attempting to get you to click on a link and enter your payment information. A recent variation has scammers offering kits designed to take the stress and mess out of your elf’s holiday shenanigans (just move your elf and call it good!)

While the holiday season offers more than its share of scams, many can be put on ice with a little extra due diligence. Keep these holiday best practices in mind, and have a safe and happy holiday!

Source :
https://blog.sonicwall.com/en-us/2021/12/10-tips-for-a-safe-and-happy-holiday/

2021 VMware Major Developments, Releases, Updates & More!

Following a year that the world will remember for a long time to come (and mostly not for good reasons), we wrap up 2021 with a plethora of events happening in the tech industry. In the meantime, we certainly hope that you are doing well and staying safe during this upcoming festive period. In this article, we’ll recap the most important VMware news stories of the year and have a look ahead at what 2022 has in store. Let’s get going!

Company Growth

A lot has been going on this year in the VMware space, not only in a technical aspect but also with major changes within the company’s structure and management.

Financially, the company keeps doing very well with projected revenue of over $12.8 billion, an increase of around 9% compared to last year with expected significant growth in the SaaS area.

One of the axes VMware is also working on to generate revenue is the partner incentives program based on the customer life cycle. The new incentives reward partners that deliver PoCs, customers’ assessments and “sell-through” partners working together.

Acquisitions

VMware acquired a dizzying number of companies over the course of the previous year (2020). However, mergers are time-consuming and are never straightforward when it comes to restructuring teams, merging products into existing portfolios… VMware has put a lot of resources into integrating previous years’ acquisitions into their existing portfolios such as Carbon Black, Salt or Datrium.

This might be the reason why they only acquired one company in 2021 with Mesh7. Let’s have a closer look at what it is.

Mesh7

VMware acquired Mesh7 at the end of the first quarter of 2021. Their technology helps customers improve application resiliency, reliability and reduce blind spots through the integration of deep Layer 7 insights with cloud, host, and reputation data. They offer a distributed API Security Mesh solution (API Firewall and API Gateway) which is focused on securing the application layer at its core in Kubernetes environments.

VMware acquire Mesh7 at the end of March 2021 to further secure Tanzu Service Mesh

VMware acquired Mesh7 at the end of March 2021 to further secure Tanzu Service Mesh

VMware uses Envoy as an open-source Layer 7 proxy in Tanzu Service Mesh and Mesh7’s API gateway is being integrated into the solution to further secure the Kubernetes connectivity solution.

VMworld 2021

As usual, let’s quickly recap what happened during VMworld 2021 which was, once again, a virtual event. We will only skim over the surface of what was announced as a lot of other areas were covered such as Security, Networking, End-User services… For more information about the announcements made during this event, head over to our dedicated VMworld 2021 Round-up Article.

Strong focus on multi-cloud

VMware followed the trend set in the previous year with a strong push towards multi-cloud and managed cloud services. VMware Cross-Cloud services will offer a bunch of multi-cloud services you can pick and choose from in a flexible manner to facilitate and accelerate customers’ adoption.

VMware Cross-Cloud services aims at simplifying the shift to a multi-cloud SDDC

VMware Cross-Cloud services aims at simplifying the shift to a multi-cloud SDDC”

VMware Sovereign Cloud tackles the issues around how sensitive data is dealt with through partnerships with Cloud providers. The goal is to offer those public entities and large organizations a data sovereignty seal of approval in a multi-cloud world.

Other announcements in the Cloud space included VMware Cloud on AWS Outpost and improvements to the disaster recovery as a service (DRaaS) offering.

Tanzu gets ever closer to maturity

VMware Tanzu, the company’s implementation of Kubernetes is being built upon ever since the portfolio was announced at VMworld 2019. The big reveal of this year’s event was Tanzu Community Edition, a free and open-source release of the solution aimed at learners and users.

Other Tanzu related announcements included VMware Cloud with Tanzu Services, managed Tanzu Kubernetes Grid (TKG), Tanzu Mission Control Essentials and a free tier with Tanzu mission control Starter.

VMware Tanzu Community Edition is full featured but free and open-source

VMware Tanzu Community Edition is full-featured but free and open-source”

Lots of projects in development

VMware always has a bunch of projects with codenames in the works that later become actual products when they reached maturity. Remember how Tanzu used to be known as Project Pacific. In 2021, the company revealed no less than 9 major projects in various areas such as Edge computing, AI/ML, Security, multi-cloud, tiered memory for vSphere, Kubernetes…

Again, you can find the details about these projects in our VMworld 2021 roundup.

Edge Computing

The other area that was largely covered was Edge computing with the announcement of VMware Edge Compute Stack, a purpose-built and integrated stack offering HCI and SDN for small-scale VM and container workloads to effectively extend your SDDC to the Edge.

VMware Edge compute Stack helps solve use cases for a wide variety of challenges

VMware Edge compute Stack helps solve use cases for a wide variety of challenges”

While a lot of good things went their way, 2021 was an eventful year for VMware. Several big announcements were made that will change the face of the company and a few vSphere related crises the company’s TAMs had to navigate.

VMware and DellEMC Split

Probably the biggest announcement of the year was the split from DellEMC which was the majority stakeholder with 81% shares in the company. This separation comes 5 years after Dell acquired EMC in September of 2016 for a whopping $67 billion, EMC being VMware’s controlling stakeholder at the time. On November 1st 2021, VMware becomes a standalone company for the first time since EMC acquired it in 2004, albeit after paying $11.5 billion in dividends to the shareholders.

In a news article, VMware’s new CEO Raghu Raghuram (more on that later) officialized the split and kept emphasizing their multi-cloud strategy with the goal of becoming “the Switzerland of the cloud industry”:

As a standalone company, we now have the flexibility to partner even more deeply with all cloud and on-premises infrastructure companies to create a better foundation that drives results for our customers. And the increased flexibility we will have to use equity to complete future acquisitions will help us remain competitive. “

VMware has a new CEO

A number of top officers over at VMware left the building and were replaced by new top profiles. Among those, we find the CEO of the company himself. Pat Gelsinger, who led VMware between 2012 and 2021 gave his notice in February to become Intel’s new CEO after spending 30 years as a top profile between 1979 and 2009 for the blue team, a very impressive resume if you ask me.

VMware replaced him with Raghu Raghuram, the previous COO who’d been climbing up the corporate ladder since 2003, clocking over 18 years of employment to reach the top of the pyramid.

Raghu Raghuram succeeds to Pat Gelsinger as VMware’s CEO

Raghu Raghuram succeeds to Pat Gelsinger as VMware’s CEO

vSphere 7 Update 3 removed

On a more technical note, 2021 was a rather turbulent year for vSphere 7.0. The year started with many customers encountering purple screens on vSphere hypervisors installed on SD cards or USB sticks, which eventually led VMware to pull support for these boot devices. This wasn’t received particularly well among the customer base as many were taken by surprise and now have to plan for it, which will be a large piece of work and investment depending on the size of the environment.

Following this shaky start, customers started having problems with vSphere 7 Update 3 causing PSOD in some instances. In order to fix it, VMware released patches that ended up breaking vSphere HA for many customers using a certain type of Intel adapters. VMware eventually decided to stop the haemorrhage by removing vSphere 7 Update 3 from distribution altogether, just over a month after its release.

vSphere 7 Update 3 was crippled with issues since its initial release

vSphere 7 Update 3 was crippled with issues since its initial release”

Needless to say that customers were pretty unhappy with how this unfolded. Many blamed the 6 months release cycle and quality control being put to the side in favor of shiny new Cloud or Tanzu features. Let’s hope the scission from DellEMC will entice VMware to regain a certain level of quality control and that organizations won’t put the deployment of security patches on hold as a result.

VMware Cloud Universal

As you can tell, VMware is very keen to push Cloud subscriptions to its customers and VMware Cloud Universal, which was released in April 2021, was another testimony of that. A subscription offering that offers access to multi-cloud resources, be it infrastructure, compute, storage, networking, modern apps…

The idea is to be able to flexibly deploy VMware Cloud Infrastructure across private and public clouds. VMware Cloud Universal includes VCF-Subscription (also released in 2021), VMware Cloud on AWS and VMware Cloud on DellEMC.

Now, I’ll admit that it is getting a bit tricky to make sense of the many cloud offerings proposed by VMware with VMC, VMC on AWS, VMware Cloud Universal, VMware Cross-Cloud services and then the subtleties in each one of them.

VMware Cloud Universal allows customers to establish a flexible commercial agreement with VMware

VMware Cloud Universal allows customers to establish a flexible commercial agreement with VMware to commit once and consume dynamically

Ransomware Attacks Targeting vSphere ESXi

In 2021, we, unfortunately, witnessed no curb in the infamous growing trend of vSphere Ransomware attacks. While most encrypting ransomware attacks were historically focused on Windows and Linux instances, vSphere is now being targeted as well. Bad actors will try to gain access to the virtual infrastructure and initiate encryption of the datastores to claim a ransom, hence impacting every single VMs in the environment.

Fortunately, most companies are now investing large amounts of resources to mitigate the risks and protect the customers, for instance, Altaro has been doing it for a long time now.

A Look Ahead to 2022

I wrapped up last year’s roundup with “Watch for 2021 as it is without a doubt that it will be a year packed with major events”. Well, I think it is safe to say that it turned out to be true. VMware’s split from DellEMC will give the company absolute autonomy over its market strategy and path to a multi-cloud world. 2022 will see a maturing of these core cloud technologies alongside VMware doubling down on its acquisition strategy of key technologies that will solidify its commitment to this direction.

While we are eager to find out what it brings in terms of novelties, we are equally looking forward to a return to a more sensible release cycle and the distribution of a stable version of the historic hypervisor (well that’s my main hope at least!) I’d love to hear your thoughts, so feel free to take your bet in the comment section as to what 2022 will bring!

Source :
https://www.altaro.com/vmware/2021-vmware-developments/

Exit mobile version