Security News

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.

VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.

StorMagic announced that StorMagic SvSAN and Zerto have been validated with HPE Proliant servers. Delivered through the HPE Complete Program, this HPE validated solution allows customers to protect edge-to-edge, edge-to-core or edge-to-cloud workloads.

A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM service. Luckily, although it can be abused by threat in remote code execution attacks, the vulnerability ONLY impacts versions 2004 and 20H2 of Windows 10 and Windows Server.

IDrive Cloud Backup has released IDrive Mirror, providing secure, cloud-based full image backups for Windows computers and server operating systems for protection against data loss and dreaded ransomware. IDrive Mirror gives individuals and small businesses the ability to backup unlimited computers and server systems into a single account, allowing for direct data backup and retrieval from the IDrive cloud without any intermediary storage device.

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network servers, have gone dark and remain inaccessible as of writing.

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft's announcement, Palo Alto Networks reveals in a new report. Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

Popular German cloud hosting and dedicated server provider Hetzner has banned cryptomining on its servers after users have been using their large storage devices to mine Chia. For those not familiar with Chia, instead of mining the cryptocurrency with specialized equipment or graphics cards, it uses a new mining system called Proof of Space and Proof of Time.

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply injected into vulnerable sites to log the information keyed into online checkout sites, according to Malwarebytes Labs' Threat Intelligence Team.