Cyber Security Briefing, 14 - 21 June

June 21, 2024

New vulnerabilities in VMware, two of them critical

Broadcom has posted a security advisory detailing three recently patched vulnerabilities affecting VMware vCenter Server. Two of these flaws, CVE-2024-37079 and CVE-2024-37080, have been rated 9.8 on the CVSSv3 scale by the vendor. Both are described as heap-overflow vulnerabilities in the DCE/RPC protocol implementation that can be exploited by an attacker with network access to vCenter Server, allowing that attacker to execute code remotely.

Broadcom will not distribute patches for vSphere versions 6.5 and 6.7; the company said it is not aware of the flaws being actively exploited. The third patched vulnerability, CVE-2024-37081, rated CVSSv3 7.8 by the vendor, is a local privilege escalation flaw caused by a sudo configuration error.

More info

New information on Snowflake account compromise

Over the last few weeks, several reports have been published on data exposures suffered by different companies whose common link was the use of Snowflake cloud storage systems. Recently, the media outlet WIRED published a new piece on this issue in which they claim to have communicated with a member of the ShinyHunters group, who claims that they managed to compromise around 165 accounts by first gaining access to a contractor working with the affected customers through a phishing attack.

Specifically, the worker is said to belong to the company EPAM Systems, a digital services and software engineering company that provides various managed services to clients around the world. However, EPAM told WIRED that they do not believe the attack campaign stems from these events and suggested that the actor fabricated the information.

More info

Exploit for CosmicSting vulnerability developed

The vulnerability dubbed CosmicSting, which affects Adobe Commerce and Magento websites, would allow attackers to perform XML external entity injection (XXE) and remote code execution (RCE). Also tracked as CVE-2024-34102, the flaw has a CVSSv3 score of 9.8 according to Adobe and, according to a post by Sansec, is the worst Magento and Commerce vulnerability in two years because, when combined with a separate Linux flaw, CVE-2024-2961, it would allow threat actors to execute code remotely in an automated fashion.

Although Adobe has released patches for CosmicSting, Sansec claims that barely a quarter of the affected entities have applied the updates. Because Sansec also claims to have developed an exploit for CosmicSting that has not yet been released, it urges users to install the patches or, if that is not possible, to apply the emergency mitigations suggested in its post.

More info

U.S. bans Kaspersky anti-virus for security reasons

The Biden administration has announced that it will ban the use of Kaspersky Lab's anti-virus software in the U.S. from July 2024, citing national security concerns. The move prevents both U.S. individuals and companies from using products from this Russian company. This decision follows a previous ban on Kaspersky's use in U.S. government agencies, put in place in 2017, due to suspicions of links between the company and Russian intelligence services.

Kaspersky has denied these allegations and has requested that the ban be revoked, arguing that there is no evidence to support the U.S. government's claims. Current customers will be able to continue to download the software, resell it and download new updates for 100 days.

More info