Security News

Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. VMware released security updates to address the CVE-2022-22972 flaw affecting Workspace ONE Access, VMware Identity Manager, or vRealize Automation.

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group. Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. Security researchers at attack surface assessment company Horizon3 announced today that they managed to create a working proof-of-concept exploit code for CVE-2022-22972 and will be releasing a technical report shortly.

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast. We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.

Google's Threat Analysis Group on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said.

The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. According to a report published by analysts at Ahnlab's ASEC, Lazarus has been targeting vulnerable VMware products via Log4Shell since April 2022.

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month.

Attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams. The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services.