VMware releases fix for severe View Planner RCE vulnerability

Posted by & filed under Security Alerts.

VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. View Planner is a free tool for benchmarking desktop client and server-side performance in Virtual Desktop Infrastructure environments. The vulnerability was discovered and reported to VMware by Positive Technologies web application… Read more »

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Posted by & filed under Security Alerts.

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities. The alert comes on the heels of Microsoft’s disclosure that China-based hackers were exploiting unknown software bugs in Exchange server to… Read more »

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Posted by & filed under Security Alerts.

Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. National CSIRT-CY is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script as soon as possible to help determine whether their systems are… Read more »

Malicious NPM packages target Amazon, Slack with new dependency attacks

Posted by & filed under Security Alerts.

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools. This flaw works… Read more »

Federal Reserve nationwide outage impacts US banking system

Posted by & filed under Security News.

The US Federal Reserve suffered a massive IT systems outage today that prevented wire transfers, ACH transactions, and other services from operating. When performing a US wire transfer or ACH withdrawal/deposit, the transaction first goes through the Federal Reserve Bank systems who facilitate the transaction. Today, the Federal Reserve banking systems suffered an outage caused… Read more »