Security
Headlines
HeadlinesLatestCVEs

Tag

#vmware

Cybersecurity Consolidation Continues, Even as Valuations Stall

Financing and acquisitions are trending toward smaller deals, which means fewer high-valuation purchases and funding, but likely fewer post-merger layoffs as well.

DARKReading
Open in Source
#git#intel#vmware
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign

The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.

CVE-2009-1143: 264577 – (CVE-2009-1142, CVE-2009-1143) app-emulation/open-vm-tools (CVE-2009-1142, CVE-2009-1143)

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Royal Ransomware: New Threat Uses Google Ads and Cracked Software

By Habiba Rashid According to Microsoft, the Royal ransomware is now being spread by a threat actor known as DEV-0569. This is a post from HackRead.com Read the original post: Royal Ransomware: New Threat Uses Google Ads and Cracked Software

Log4Shell – Iranian Hackers Accessed Domain Controller of US Federal Network

By Waqas The attack, according to authorities, was launched on the Federal Civilian Executive Branch (FCEB). This is a post from HackRead.com Read the original post: Log4Shell – Iranian Hackers Accessed Domain Controller of US Federal Network

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with

CVE-2022-41939: func/builder.go at 5ca77d38744d3481cc0b795f607c5859b19588fc · knative/func

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.

Iranian APT Actors Breach US Government Network

CISA says Federal Civilian Executive Branch systems were compromised through a Log4Shell vulnerability in an unpatched VMware Horizon server.

Red Hat Security Advisory 2022-8506-01

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022