News for November 8, 2022

VMware Patches End of Life Product
by Artie Kaye

A critical flaw in the XStream open source library prompted the company to release a patch for all affected devices, including those which the company ended support for. The vulnerability could allow for remote code execution on these devices. If using VMware Cloud Foundation, please update as soon as possible.

The flaw is listed as CVE-2021-39144.

Azov Ransomware is Actually Data Wiper
by Artie Kaye

This new malware bears the name ransomware and even comes with a ransom note, but it functions as a data wiper. There is no cryptography involved, which means no hope of file recovery. Once activated on a machine it will self-propagate into other executable files, compounding the damage it does. It functions by editing sections of file code into random garbage, rendering the file inoperable. There is no recovering the data unless backups exist. This malware is spread via infected installers of pirated software. The current recommended method to deal with it is a full wipe and reinstall.

Facebook Tool To Remove Phone Number and Email
by Artie Kaye

Meta has created a tool to allow people who are not users of their products to search for and remove the information from their sites. It functions as a lookup and blacklists the address or number. It can also function for users of their products. As finding the link to the tool on their website can be difficult, the link can be found below.