Cyber Bits · · 3 min read

Cyber Bits: June 24, 2024

This week - VMware's urgent security patches, a UEFI vulnerability in Intel PCs, US sanctions on Kaspersky, ransomware attacks on old Android phones, and a breach of 1,590 crypto wallets by North Korean hackers. Stay updated with the latest cybersecurity news and tips.

Cyber Bits: June 24, 2024

In this week's Cyber Bits, we cover critical security updates and vulnerabilities impacting major tech ecosystems. Discover VMware's urgent patches for vCenter, Cloud Foundation, and vSphere ESXi to fix severe RCE vulnerabilities. Learn about the significant UEFI firmware flaw affecting hundreds of Intel-based PCs. We also highlight the US Treasury's sanctions on Kaspersky, the targeting of outdated Android phones by Rafel RAT in ransomware attacks, and a breach of 1,590 cryptocurrency wallets by North Korean hackers.

VMware Releases Critical Security Patches for vCenter, Cloud Foundation, and vSphere ESXi to Address Remote Code Execution Vulnerabilities

Link: Bleeping Computer The Hacker News

VMware has released critical security updates for its vCenter Server, Cloud Foundation, and vSphere ESXi products to fix vulnerabilities that could allow remote code execution (RCE) and privilege escalation. Notable flaws include CVE-2024-37079 and CVE-2024-37080, which involve heap-overflow vulnerabilities in the DCE/RPC protocol, and CVE-2024-37081, which pertains to local privilege escalation via sudo misconfiguration. Users are strongly advised to apply these patches promptly to mitigate potential risks, as these vulnerabilities, although not yet exploited in the wild, are highly critical.

Critical UEFI Vulnerability Discovered in Hundreds of Intel-Based PCs

Link: Bleeping Computer Dark Reading The Hacker News

A newly discovered UEFI firmware vulnerability, dubbed "Phoenix," affects hundreds of Intel-based PC models, posing significant security risks. This high-risk overflow bug, found in Intel chips, allows potential attackers to execute arbitrary code or bypass security features. Researchers emphasize the critical need for firmware updates to mitigate this threat, highlighting the widespread impact across various PC models from major manufacturers. Users are urged to apply available patches to safeguard their systems against potential exploits.

US Treasury Sanctions Kaspersky, Bans Software Over National Security Concerns

Link: The Hacker News The Hacker News Dark Reading

The US Treasury has sanctioned 12 entities linked to Kaspersky and banned the use of its software by government agencies and contractors, citing national security risks. The move reflects ongoing concerns about potential cyber threats and espionage. Kaspersky, a prominent cybersecurity firm, is required to cease operations with US customers by a specified deadline. The sanctions underscore heightened scrutiny on software linked to foreign adversaries.

Rafel RAT Targets Outdated Android Phones in New Ransomware Attacks

Link: Bleeping Computer

The Rafel Remote Access Trojan (RAT) is targeting outdated Android phones in a new wave of ransomware attacks. Exploiting vulnerabilities in older Android versions, Rafel RAT enables attackers to gain control over devices, steal data, and deploy ransomware. Users of outdated Android devices are urged to update their systems and apply security patches to protect against these emerging threats.

North Korean Hackers Breach 1,590 Crypto Wallets, Says CoinStats

Link: Bleeping Computer

CoinStats has reported that North Korean hackers successfully breached 1,590 cryptocurrency wallets, leading to significant financial losses. The attackers employed sophisticated phishing schemes and malware to gain access to the wallets, exploiting security weaknesses. This incident highlights the growing threat posed by state-sponsored cybercrime in the cryptocurrency sector and the need for robust security measures to protect digital assets.

Read next

Cyber Bits: November 25
Cyber Bits ·

Cyber Bits: November 25

Welcome to this week's edition of Cyber Bits, where we cover the latest in malware campaigns, advanced persistent threats, data breaches, vulnerabilities in enterprise systems from Fortinet and Palo Alto, and the economic impact of cyberattacks. Here's what you need to know this week:

Cyber Bits: October 21
Cyber Bits ·

Cyber Bits: October 21

In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.

Cyber Bits: October 14
Cyber Bits ·

Cyber Bits: October 14

In this weeks Cyber Bits, Microsoft deprecates VPN protocols, OpenAI confirms what everyone already knew about bad guys using ChatGPT for malware, SOC teams lament alert fatigue, qualified personnel gaps in cloud and cyber, and how to build cyber resilience for SMB's.