Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

November 18, 2024 at 05:38PM Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been actively exploited after Broadcom’s patch attempts. CVE-2024-38812 allows remote code execution, while CVE-2024-38813 permits privilege escalation. These flaws affect multiple vCenter and VMware Cloud Foundation versions, making them critical targets for cybercriminals. **Meeting Takeaways:** 1. **Vulnerabilities Identified**: Two critical vulnerabilities in … Read more

Windows infected with backdoored Linux VMs in new phishing attacks

November 4, 2024 at 10:56AM The ‘CRON#TRAP’ phishing campaign targets Windows systems using deceptive emails to install a Linux virtual machine with a backdoor for stealthy corporate network access. Leveraging the legitimate QEMU tool, attackers ensure persistence and communication via a tunneling program, enabling various malicious actions undetected by security measures. ### Meeting Takeaways on … Read more

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM VMware released security updates addressing critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry a severity rating and require local administrative privileges for exploitation. VMware recommends removing USB controllers from virtual machines as a mitigation strategy. Older ESXi … Read more

Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack

November 14, 2023 at 01:45PM Researchers have discovered a new attack method called CacheWarp that affects AMD processors. It poses a risk to protected virtual machines by allowing hackers to hijack control flow, break into encrypted VMs, and escalate privileges. CacheWarp is a software-based fault injection attack resulting from an architectural bug in AMD CPUs. … Read more

BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks

October 19, 2023 at 05:46PM BlackCat/ALPHV ransomware is using a new tool called ‘Munchkin’ to deploy encryptors on network devices stealthily. The tool runs on virtual machines and allows threat actors to dump passwords, spread on the network, build encryptor payloads, and execute programs on computers. Munchkin makes the ransomware operation more attractive to cybercriminals. … Read more

October Windows Server updates cause Hyper-V VM boot issues

October 17, 2023 at 08:37AM Hyper-V hosts running Windows Server 2019 and Windows Server 2022 are experiencing issues with virtual machines (VMs) failing to boot after installing certain Patch Tuesday updates. Uninstalling the problematic updates resolves the issue, and Microsoft has yet to acknowledge it. In the past, the company released emergency updates to fix … Read more