You’ve got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.
The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server’s implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other words: it’s almost as bad as it gets. DCERPC, which stands for Distributed Computing Environment/Remote Procedure Calls, allows software to invoke procedures and services on a remote system across a network.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BlueKeep Flaw Plagues Outdated Connected Medical Devices
February 19, 2020
While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol (RDP) flaw. Researchers said they found that 22 percent of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even ...
- Bluetooth LE devices impacted by SweynTooth vulnerabilities
February 15, 2020
A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Read more… Source: ZDNet
- An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
February 13, 2020
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create ...
- Researchers Use Smart Light Bulbs to Infiltrate Networks
February 6, 2020
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...
- Only three of the Top 100 international airports pass basic security checks
February 3, 2020
Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland. According to ImmuniWeb, these three “may serve a laudable example not just to the ...
- Matters of Life and Death: Cyber Security and Medical Devices
February 3, 2020
Concerns about the vulnerabilities of medical devices to cyber attacks are spurring a new focus on the need to protect patient safety, data and hospital systems It’s a scenario right out of a Hollywood blockbuster. Without a word of warning, medical devices regulating everything from heartbeat to insulin levels across a hospital system begin behaving erratically ...