February 9, 2023
There are three CVEs noted in the advisory: CVE-2021-44228, CVE-2021-20038 and CVE-2022-24990. For the most part, these are standard vulnerability reports that should prompt you to perform the recommended upgrades. Exploiting these vulnerabilities allowed the ransomware to enter the environment. When it did, it was often embedded in a South Korean instant messenger application called X-Popup. This should be where your ears perk up: endpoint defenses should be context-aware and understand which software is normal on your devices and which is not. Unusual software, even if benign by signature, should be analyzed more deeply than the programs you expect to see.
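One way to express that context-aware check, as an added example that is not code from the advisory or from this post: it compares a software inventory against a per-role baseline and escalates anything that is both unapproved and rare in its peer group, whatever the signature verdict says. The role names, baseline contents, host names, inventory rows and the 25% rarity threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline of approved software per device role (assumption).
BASELINE = {
    "workstation": {"google chrome", "microsoft office"},
    "server": {"nginx", "openssh"},
}

# Constructed inventory rows: (host, role, software, signature verdict).
INVENTORY = [
    ("ws-01", "workstation", "Google Chrome", "benign"),
    ("ws-02", "workstation", "Google Chrome", "benign"),
    ("ws-02", "workstation", "X-Popup", "benign"),
    ("ws-03", "workstation", "Notepad++", "benign"),
    ("ws-04", "workstation", "notepad++ ", "benign"),
    ("srv-01", "server", "nginx", "benign"),
    ("srv-01", "server", "Google Chrome", "benign"),
    ("srv-02", "server", "nginx", "benign"),
]

def normalize(name):
    """Compare software names case- and whitespace-insensitively."""
    return " ".join(name.lower().split())

def triage(inventory, baseline, rare_at_or_below=0.25):
    """Return findings for software outside the role baseline, rarest first."""
    hosts_by_role = defaultdict(set)
    hosts_with = defaultdict(set)  # (role, software) -> hosts that run it
    for host, role, name, _verdict in inventory:
        hosts_by_role[role].add(host)
        hosts_with[(role, normalize(name))].add(host)

    findings = []
    for host, role, name, verdict in inventory:
        sw = normalize(name)
        if sw in baseline.get(role, set()):
            continue  # expected software for this role
        prevalence = len(hosts_with[(role, sw)]) / len(hosts_by_role[role])
        # The signature verdict is recorded but never suppresses a finding.
        rare = prevalence <= rare_at_or_below
        findings.append({"host": host, "software": sw, "verdict": verdict,
                         "prevalence": prevalence,
                         "action": "deep-analysis" if rare else "review-baseline"})
    findings.sort(key=lambda f: (f["prevalence"], f["host"], f["software"]))
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY, BASELINE):
        print(finding)
```

Unapproved software that is widespread in its role is routed to a baseline review instead, since it is more likely an inventory gap than an outlier.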