Organizations in the US and other Western countries, especially banks, are preparing for potential cyber attacks from Russia after a new wave of sanctions went into effect that included blocking Russian banks from the SWIFT system and freezing Russian assets. The goal of these moves is to make it difficult for Russia to continue its invasion of Ukraine. The sanctions have also had an unintended effect on citizens in Russia, who are rushing to pull money out of the banks before they lose access.
App stores have been around for a while and pretty much everyone has one. Although they started off in the mobile device world, they were quickly bolted on to other areas. As their usage has grown, attackers have found them to be a very valuable resource as well. We have seen poisoned apps across just about every platform, and their sophistication is increasing as well.
WMIC, the Windows Management Instrumentation Command-line, is a very powerful tool. It can give an administrator or an attacker a lot of control over a system. Because of the number of times that WMIC has been abused to take control of or compromise a system, Microsoft has been testing the removal of the WMIC component of WMI. Different sources have reported that WMIC as a command no longer works in development builds, but the WMI process is still running on the device.
Cisco has announced a series of vulnerabilities, along with the associated patches, for some of the Nexus Series Switches based on NX-OS. Cisco’s NX-OS is the heart of their data center line of switches like the Nexus 3k, 5500 and 5600, as well as the 6k and 9k series. These switches are often deployed inside large data centers or used as core switches for data and storage networks. Because of this large and critical deployment footprint, the new flaw (tracked as CVE-2022-20650) is a rather dangerous one.
It looks like the group behind Trickbot, the Swiss Army Knife of malware-as-a-service for Windows, is shutting down the framework and infrastructure behind the “solution”. According to research groups that have been tracking the campaign, several factors have led up to the disappearance. One of the most recent changes appears to be a shift in efforts to a new malware format and potentially being “acquired” by another malware operator.