Security News

VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances. The bug is described as a deserialization vulnerability that can be abused to run arbitrary code as root on compromised systems.

This week meet a reader we'll Regomize as "Wesley", who 25 years ago was about to embark on a thesis in mechanical engineering, continuing the work done by a more senior student who was working towards his doctorate. The senior student readily agreed, but the days passed, and Wesley still didn't have the data he needed.

After a lengthy discussion between staff at Mozilla and Apple, security researchers and the CA itself, Mozilla program manager Kathleen Wilson said the org's concerns were "Substantiated" enough to set a distrust date of November 30 for TrustCor's root certificates. Microsoft didn't participate in the conversation; instead, TrustCor executive Rachel McPherson claimed that Microsoft had set a distrust date of November 1 for her company's certs.

Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found that 96% of open source Java downloads with known-vulnerabilities could have been avoided because a better version was available, but was ignored. According to the report, this means 1.2 billion known-vulnerable dependencies that could be avoided are being downloaded every month, pointing to non-optimal consumption behaviors as the root of open source risk.

"In most cases, the vulnerabilities exist because the software fully trusted data coming from the PLC without performing extensive security checks," Team82 said. Security researchers at Accenture have highlighted the following point: the type of data being sold online after ransomware attacks is exactly the sort of stuff that's ideal for launching business email compromise attacks.

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges. "A successful exploit could allow the attacker to perform actions with Administrator privileges on an affected device," Cisco explains.

New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. Cybersecurity company CrowdStrike has observed a threat actor that focused mainly on targeting Linux and Solaris systems using the custom-built BPFDoor implant on telecommunications providers to steal personal user information.

Two of them, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine and fully compromise NFVIS hosts. CVE-2022-20777 is caused by insufficient guest restrictions and allows authenticated attackers to escape the guest VM and gain root-level access to the host in low complexity attacks without requiring user interaction.

Microsoft has unearthed two security vulnerabilities in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions. CVE-2022-29799 is a directory traversal bug; CVE-2022-29800 is a time-of-check-time-of-use race condition that could allow an attacker to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not.

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware. Security researchers at Microsoft disclosed the issues in a report today noting that they can be chained together to achieve root privileges on a vulnerable system.