You’ve got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.
The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server’s implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other words: it’s almost as bad as it gets. DCERPC, which stands for Distributed Computing Environment/Remote Procedure Calls, allows software to invoke procedures and services on a remote system across a network.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...
- WiFi firmware bug affects laptops, smartphones, routers, gaming devices
January 18, 2019
Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability impacts ThreadX, a real-time operating system (RTOS) that is used as firmware for ...
- Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
January 18, 2019
A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network. Cisco Small Business Switches were developed for small office and home office (SOHO) environments, to manage and control small local area networks with no ...
- Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever
January 8, 2019
Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells ...
- A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access
January 3, 2019
A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than ...
- Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader
January 3, 2019
Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in ...