Security News

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867, "Enabled the execution of privileged commands across Windows, Linux, and PhotonOS guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," Mandiant said.

At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. VulnCheck, which discovered the activity, said, "The individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security."

Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware. These malicious exploits are promoted by alleged researchers at a fake cybersecurity company named 'High Sierra Cyber Security,' who promote the GitHub repositories on Twitter, likely to target cybersecurity researchers and firms involved in vulnerability research.

As more victim organizations of Cl0p gang's MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. Rapid7 has released an analysis of the vulnerability and a full exploit chain for CVE-2023-34362.

Horizon3 security researchers have released proof-of-concept exploit code for a remote code execution bug in the MOVEit Transfer managed file transfer solution abused by the Clop ransomware gang in data theft attacks. With the release of this RCE PoC exploit, more threat actors will likely move quickly to deploy it in attacks or create their own custom versions to target any unpatched servers left exposed to Internet access.

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft disclosed in an advisory issued last month as part of Patch Tuesday updates.

The second reserves 64 bits for storing a memory address where the text string of a customer's name can be found. As you can imagine, you'd better not mix up these two values, because a number that makes sense, and is safe, to use as a day number, such as 23157, would almost certainly be unsafe to use as a memory address.

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. Withholding technical information is the usual stance from Google when a new security issue is found.

Last week, Progress Software Corporation, which sells software and services for user interface developement, devops, file management and more, alerted customers of its MOVEit Transfer product about a critical vulnerability dubbed CVE-2023-34362. If the backend data is stored in a SQL database, the web server might convert that URL into a SQL command like the one shown below.

Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit.