Security News
Uncle Sam's Cybersecurity and Infrastructure Security Agency has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can't be applied.
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks. In April, VMware patched another set of critical vulnerabilities, a remote code execution bug and a 'root' privilege escalation in VMware Workspace ONE Access and VMware Identity Manager.
The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.
Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft reported.
SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances. SonicWall SMA 1000 SSLVPN solutions are used by enterprises to simplify end-to-end secure remote access to corporate resources across on-prem, cloud, and hybrid data center environments.
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory published Thursday.
The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. The updates are in addition to 36 flaws patched in the Chromium-based Microsoft Edge browser on April 28, 2022.
Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today's update, eight are classified as 'Critical' as they allow remote code execution or elevation of privileges.