Security News

VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products. The critical vulnerability is similar to, or perhaps even a variant or patch bypass of, an earlier critical authentication bypass vulnerability that also rated 9.8 in severity and VMware fixed back in May. Shortly after that update was issued, CISA demanded US government agencies pull the plug on affected VMware products if patches can't be applied.

VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges. "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA," VMware warned.

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA mechanism, VMware has finally released a patch for one of the affected versions. Successful exploitation enables attackers with non-administrative access to unpatched vCenter Server deployments to elevate privileges to a higher privileged group.

A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The Linux encryptor is created to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.

The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway servers. The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency has advised on Thursday. According to the CISA, cyber threat actors, including state-sponsored advanced persistent threat actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.

The U.S. Cybersecurity and Infrastructure Security Agency, along with the Coast Guard Cyber Command, on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and servers," the agencies said.

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMWare ESXi servers.

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. The botnet was first discovered in March by researchers at Securonix and by April, when analysis of newer samples emerged from Fortinet, EnemyBot had already integrated flaws for more than a dozen processor architectures.