Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

November 18, 2024 at 05:38PM
Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been actively exploited after Broadcom’s patch attempts. CVE-2024-38812 allows remote code execution, while CVE-2024-38813 permits privilege escalation. These flaws affect multiple vCenter and VMware Cloud Foundation versions, making them critical targets for cybercriminals. **Meeting Takeaways:** 1. **Vulnerabilities Identified**: Two critical vulnerabilities in …

Critical RCE bug in VMware vCenter Server now exploited in attacks

November 18, 2024 at 02:00PM
Broadcom has warned that two VMware vCenter Server vulnerabilities, CVE-2024-38812 (a critical remote code execution flaw) and CVE-2024-38813 (a privilege escalation flaw), are being actively exploited. Customers are urged to apply new security updates to mitigate risks, as no workarounds are available for these vulnerabilities. **Meeting Takeaways** 1. **Active …

Broadcom fixes critical RCE bug in VMware vCenter Server

September 17, 2024 at 04:00PM
Broadcom has addressed a critical VMware vCenter Server vulnerability (CVE-2024-38812) that allows unauthenticated remote attackers to achieve remote code execution through a heap overflow weakness in vCenter’s DCE/RPC protocol. Security patches are available, with the company advising administrators to apply the updates listed in the VMware Security Advisory to protect …

VMware Patches Critical SQL-Injection Flaw in Aria Automation

July 10, 2024 at 12:54PM
VMware, owned by Broadcom, issued patches for a high-risk SQL-injection vulnerability in Aria Automation, allowing an authenticated malicious user to manipulate databases. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 …

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

June 18, 2024 at 02:11AM
Critical-rated flaws (CVE-2024-37079 & CVE-2024-37080) in vCenter Server by VMware/Broadcom pose remote code execution risk. The heap-overflow vulnerabilities in DCE/RPC protocol could be exploited by a network-based attacker. Despite no known in-the-wild exploitation, older vSphere versions 6.5 and 6.7 lack fixes. Additionally, an important-rated privilege escalation flaw (CVE-2024-37081) is present. …

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

May 14, 2024 at 09:48AM
VMware, owned by Broadcom, issues security advisory for Workstation and Fusion, announcing patches for vulnerabilities exploited at Pwn2Own hacking competition. Advisories are now available on Broadcom’s support website. The latest advisory details four vulnerabilities, with three reported at Pwn2Own Vancouver 2024 and the fourth by a researcher outside the competition. …

Broadcom Merges Symantec and Carbon Black Into New Business Unit

March 11, 2024 at 02:51PM
Broadcom announced the merger of Carbon Black and Symantec into a new unit focusing on integrating network and data telemetry with Endpoint Detection and Response (EDR) technologies. The new Enterprise Security Group will manage Broadcom’s cybersecurity portfolio and enhance the products of both companies for greater customer visibility and control. …

Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

October 19, 2023 at 06:39AM
Between February and September 2023, the Iran-linked threat actor, OilRig, conducted an eight-month cyber espionage campaign against an unnamed Middle East government. The attack involved the theft of files and passwords, as well as the deployment of a PowerShell backdoor called PowerExchange. Additional malware used included Tokel, Dirps, and Clipog. …