Latest News Articles



--- TLP:WHITE ---

News

− Researchers compile list of vulnerabilities abused by ransomware gangs

Security researchers are compiling an easy-to-follow list of the initial access attack vectors that ransomware gangs and their affiliates use to breach victims' networks.

https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

− Attacks on Russian Government Orgs Exploit Recent Microsoft Office Zero-Day

Threat actors have targeted Russian government organizations with malicious documents designed to exploit the recently patched MSHTML zero-day flaw in Microsoft Office, security researchers with Malwarebytes reveal.

https://blog.malwarebytes.com/reports/2021/09/mshtml-attack-targets-russian-state-rocket-centre-and-interior-ministry/

− VMware vCenter Servers in Hacker Crosshairs After Disclosure of New Flaw

The internet is already being scanned for VMware vCenter servers affected by CVE-2021-22005, a critical vulnerability for which the virtualization giant announced patches just a couple of days ago.

https://www.securityweek.com/vmware-vcenter-servers-hacker-crosshairs-after-disclosure-new-flaw

Vulnerabilities

− Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Microsoft and RiskIQ researchers have uncovered several campaigns using a recently patched Microsoft MSHTML flaw, restating calls for organizations to update impacted systems. The vulnerability was first exploited by the Ryuk ransomware gang, which leveraged the bug ahead of the patch.

https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/

− VMware warns of critical bug in default vCenter Server installs

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.

https://core.vmware.com/vmsa-2021-0020-questions-answers-faq/

− Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw

Cybersecurity researchers have been able to capture hundreds of thousands of Windows domain and application credentials due to the design and implementation of the Autodiscover protocol used by Microsoft Exchange.

https://www.guardicore.com/labs/autodiscovering-the-great-leak/

− Hacking group used ProxyLogon exploits to breach hotels worldwide

A newly discovered cyberespionage group has been targeting hotels around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.

https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

− Security Notice: Critical Arbitrary File Delete Vulnerability In SonicWall SMA 100 Series Appliances

A critical vulnerability (CVSS 9.1) in SMA 100 series appliances, which include the SMA 200, 210, 400, 410 and 500v, could potentially allow a remote unauthenticated attacker to delete arbitrary files from an SMA 100 series appliance and potentially gain administrator access to the device.

https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/

Community News

− The European Cybersecurity Month 2021 is October

The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.

https://cybersecuritymonth.eu/

--- TLP:WHITE ---