Security News
Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. Security researchers at attack surface assessment company Horizon3 announced today that they managed to create a working proof-of-concept exploit code for CVE-2022-22972 and will be releasing a technical report shortly.
Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Ironically, the CVE-2022-26923 and CVE-2022-26931 bugs only seem to apply if you're using digital certificates for added authentication security.
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821, the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.
Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely access Redis instances running in NOSi Docker containers. The IOS XR Network OS is deployed on multiple Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.
Virtualisation in general, and VMWare's product set in particular, is widely used to turn individual physical computers into several "Virtual computers" that share the same physical hardware. These virtual computers, known in the jargon as VMs, realistically pretend to be independent computers in their own right, each one booting and running an operating system of its own, as a physical computer would.
Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update. Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures across several systems.
Uncle Sam's Cybersecurity and Infrastructure Security Agency has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can't be applied.
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks. In April, VMware patched another set of critical vulnerabilities, a remote code execution bug and a 'root' privilege escalation in VMware Workspace ONE Access and VMware Identity Manager.
The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.
The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.