Security News
VMware has fixed four vulnerabilities in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. VMware ESXi is a bare-metal hypervisor, VMware Workstation and Fusion are desktop hypervisors, and VMware Cloud Foundation is a hybrid cloud platform.
"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.
In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.
Hackers have started to exploit the critical-severity authentication bypass vulnerability in TeamCity On-Premises, which JetBrains addressed in an update on Monday. LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.
"Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate," according to the IC3 report. Crooks had no qualms about infecting critical infrastructure organizations with ransomware.
VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.These types of flaws are critical as they could permit attackers to gain unauthorized access to the host system where a hypervisor is installed or access other virtual machines running on the same host, breaching their isolation.
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below -...
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws,...
A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.
JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately. "Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.