Cyber Bits · · 3 min read

Cyber Bits: June 24, 2024

This week - VMware's urgent security patches, a UEFI vulnerability in Intel PCs, US sanctions on Kaspersky, ransomware attacks on old Android phones, and a breach of 1,590 crypto wallets by North Korean hackers. Stay updated with the latest cybersecurity news and tips.

Cyber Bits: June 24, 2024

In this week's Cyber Bits, we cover critical security updates and vulnerabilities impacting major tech ecosystems. Discover VMware's urgent patches for vCenter, Cloud Foundation, and vSphere ESXi to fix severe RCE vulnerabilities. Learn about the significant UEFI firmware flaw affecting hundreds of Intel-based PCs. We also highlight the US Treasury's sanctions on Kaspersky, the targeting of outdated Android phones by Rafel RAT in ransomware attacks, and a breach of 1,590 cryptocurrency wallets by North Korean hackers.

VMware Releases Critical Security Patches for vCenter, Cloud Foundation, and vSphere ESXi to Address Remote Code Execution Vulnerabilities

Link: Bleeping Computer The Hacker News

VMware has released critical security updates for its vCenter Server, Cloud Foundation, and vSphere ESXi products to fix vulnerabilities that could allow remote code execution (RCE) and privilege escalation. Notable flaws include CVE-2024-37079 and CVE-2024-37080, which involve heap-overflow vulnerabilities in the DCE/RPC protocol, and CVE-2024-37081, which pertains to local privilege escalation via sudo misconfiguration. Users are strongly advised to apply these patches promptly to mitigate potential risks, as these vulnerabilities, although not yet exploited in the wild, are highly critical.

Critical UEFI Vulnerability Discovered in Hundreds of Intel-Based PCs

Link: Bleeping Computer Dark Reading The Hacker News

A newly discovered UEFI firmware vulnerability, dubbed "Phoenix," affects hundreds of Intel-based PC models, posing significant security risks. This high-risk overflow bug, found in Intel chips, allows potential attackers to execute arbitrary code or bypass security features. Researchers emphasize the critical need for firmware updates to mitigate this threat, highlighting the widespread impact across various PC models from major manufacturers. Users are urged to apply available patches to safeguard their systems against potential exploits.

US Treasury Sanctions Kaspersky, Bans Software Over National Security Concerns

Link: The Hacker News The Hacker News Dark Reading

The US Treasury has sanctioned 12 entities linked to Kaspersky and banned the use of its software by government agencies and contractors, citing national security risks. The move reflects ongoing concerns about potential cyber threats and espionage. Kaspersky, a prominent cybersecurity firm, is required to cease operations with US customers by a specified deadline. The sanctions underscore heightened scrutiny on software linked to foreign adversaries.

Rafel RAT Targets Outdated Android Phones in New Ransomware Attacks

Link: Bleeping Computer

The Rafel Remote Access Trojan (RAT) is targeting outdated Android phones in a new wave of ransomware attacks. Exploiting vulnerabilities in older Android versions, Rafel RAT enables attackers to gain control over devices, steal data, and deploy ransomware. Users of outdated Android devices are urged to update their systems and apply security patches to protect against these emerging threats.

North Korean Hackers Breach 1,590 Crypto Wallets, Says CoinStats

Link: Bleeping Computer

CoinStats has reported that North Korean hackers successfully breached 1,590 cryptocurrency wallets, leading to significant financial losses. The attackers employed sophisticated phishing schemes and malware to gain access to the wallets, exploiting security weaknesses. This incident highlights the growing threat posed by state-sponsored cybercrime in the cryptocurrency sector and the need for robust security measures to protect digital assets.

Read next

Cyber Bits: July 8, 2024
Cyber Bits ·

Cyber Bits: July 8, 2024

In this week's Cyber Bits, we look into Cloudflare's BGP incident, a Go-based ransomware variant targeting VMs, Ticketmaster struggling with a ransomware incident, hackers leaking Twilio data, and Cobalt Strike servers being shutdown by the feds.

Cyber Bits: June 17, 2024
Cyber Bits ·

Cyber Bits: June 17, 2024

London hospitals canceled 800+ operations due to ransomware, fake Chrome errors trick users into running malicious scripts, KeyTronic confirms a data breach after ransomware leaks, high-severity vulnerabilities affect ASUS routers, and Microsoft announces new security changes for Outlook.