Security News

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954, the critical issue concerns a case of remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager.

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022.

Sandworm hackers tried to disrupt Ukraine's power gridThe Computer Emergency Response Team of Ukraine, with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine. How to improve enterprise password security?In this video for Help Net Security, Darren Siegel, Product Specialist at Specops Software, talks about the importance of password security and what makes them vulnerable.

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution.

A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners. The vulnerability is a critical remote code execution impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. Tracked as CVE-2021-31805, the critical vulnerability exists in Struts 2 versions from 2.0.0 up to and including 2.5.29.

VMware has published security updates for the critical remote code execution vulnerability known as Spring4Shell, which impacts several of its cloud computing and virtualization products. A list of VMware products affected by Spring4Shell is available in an adivsory from the company.

Attackers are exploiting recently patched RCE in Sophos FirewallA critical vulnerability in Sophos Firewall in being exploited in the wild to target "a small set of specific organizations primarily in the South Asia region," Sophos has warned. IceID trojan delivered via hijacked email threads, compromised MS Exchange serversA threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID trojan without triggering email security solutions.

Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed 'Spring4Shell' was briefly published on GitHub and then removed.

Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it's a nasty one. This is a severe remote code execution zero day that can be accessed over HTTP or HTTPS. "Spring have acknowledged the vulnerability and released 5.3.18 and 5.2.20 to patch the issue," said Sonatype, "We recommend an immediate upgrade for all users."