In this week's Cyber Bits, we cover critical security updates and vulnerabilities impacting major tech ecosystems. Discover VMware's urgent patches for vCenter, Cloud Foundation, and vSphere ESXi to fix severe RCE vulnerabilities. Learn about the significant UEFI firmware flaw affecting hundreds of Intel-based PCs. We also highlight the US Treasury's sanctions on Kaspersky, the targeting of outdated Android phones by Rafel RAT in ransomware attacks, and a breach of 1,590 cryptocurrency wallets by North Korean hackers.
VMware Releases Critical Security Patches for vCenter, Cloud Foundation, and vSphere ESXi to Address Remote Code Execution Vulnerabilities
Links: Bleeping Computer, The Hacker News
VMware has released critical security updates for its vCenter Server, Cloud Foundation, and vSphere ESXi products to fix vulnerabilities that could allow remote code execution (RCE) and privilege escalation. Notable flaws include CVE-2024-37079 and CVE-2024-37080, which involve heap-overflow vulnerabilities in the DCE/RPC protocol, and CVE-2024-37081, which pertains to local privilege escalation via sudo misconfiguration. Although these vulnerabilities have not yet been exploited in the wild, they are highly critical, and users are strongly advised to apply the patches promptly.
Critical UEFI Vulnerability Discovered in Hundreds of Intel-Based PCs
Links: Bleeping Computer, Dark Reading, The Hacker News
A newly discovered UEFI firmware vulnerability, dubbed "Phoenix," affects hundreds of Intel-based PC models, posing significant security risks. This high-risk overflow bug, found in Intel chips, allows potential attackers to execute arbitrary code or bypass security features. Researchers emphasize the critical need for firmware updates to mitigate this threat, highlighting the widespread impact across various PC models from major manufacturers. Users are urged to apply available patches to safeguard their systems against potential exploits.
US Treasury Sanctions Kaspersky, Bans Software Over National Security Concerns
Links: The Hacker News, The Hacker News, Dark Reading
The US Treasury has sanctioned 12 entities linked to Kaspersky and banned the use of its software by government agencies and contractors, citing national security risks. The move reflects ongoing concerns about potential cyber threats and espionage. Kaspersky, a prominent cybersecurity firm, is required to cease operations with US customers by a specified deadline. The sanctions underscore heightened scrutiny of software linked to foreign adversaries.
Rafel RAT Targets Outdated Android Phones in New Ransomware Attacks
Link: Bleeping Computer
The Rafel Remote Access Trojan (RAT) is targeting outdated Android phones in a new wave of ransomware attacks. Exploiting vulnerabilities in older Android versions, Rafel RAT enables attackers to gain control over devices, steal data, and deploy ransomware. Users of outdated Android devices are urged to update their systems and apply security patches to protect against these emerging threats.
North Korean Hackers Breach 1,590 Crypto Wallets, Says CoinStats
Link: Bleeping Computer
CoinStats has reported that North Korean hackers successfully breached 1,590 cryptocurrency wallets, leading to significant financial losses. The attackers employed sophisticated phishing schemes and malware to gain access to the wallets, exploiting security weaknesses. This incident highlights the growing threat posed by state-sponsored cybercrime in the cryptocurrency sector and the need for robust security measures to protect digital assets.