You’ve got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.
The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server’s implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other words: it’s almost as bad as it gets. DCERPC, which stands for Distributed Computing Environment/Remote Procedure Calls, allows software to invoke procedures and services on a remote system across a network.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Intelligence Agencies Warn Of Flaw With VPN Products
October 9, 2019
Both the US NSA and UK NCSC warn hackers are actively exploiting vulnerabilities in VPN products Both the US National Security Agency (NSA) and a GQHC agency in the United Kingdom have issued warnings about “multiple vulnerabilities in Virtual Private Network (VPN) applications.” Both the NSA and the UK’s National Cyber Security Centre (NCSC) warned that advanced persistent threat (APT) ...
- D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
October 8, 2019
D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, ...
- Google Warns of Android Zero-Day Bug Under Active Attack
October 4, 2019
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO ...
- Hack Breaks PDF Encryption, Opens Content to Attackers
October 2, 2019
Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...
- Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare
October 2, 2019
The constant quest for prolonging and preserving human life has continually driven technologies to develop groundbreaking innovations in the delivery of healthcare services and state-of-the-art treatments. Like in many other enterprises, the industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. With the IIoT, medical data and information have ...
- FDA Warns Against URGENT/11 Vulnerabilities Affecting Medical Devices and Hospital Networks
October 1, 2019
The U.S. Food and Drug Administration (FDA) is informing patients, health care providers and facility staff, and manufacturers about cybersecurity vulnerabilities that may introduce risks for certain medical devices and hospital networks. The FDA is not aware of any confirmed adverse events related to these vulnerabilities. However, software to exploit these vulnerabilities is already publicly ...