The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to add security flaws in Plex and VMware appliances, reports SecurityWeek.
Exploitation of the high-severity Plex Media Server vulnerability, tracked as CVE-2020-5741, has commenced following its use to compromise Plex in August, which resulted in the theft of data from more than 15 million customers.
Recent reports have noted the potential link between the Plex vulnerability and last year's LastPass hack.
"We learned from LastPass that the vulnerability that was exploited is detailed here: https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819, which was disclosed by Plex publicly back in May, 2020 (a good 2.5 years prior to the LastPass event). At the time, as noted in that post, an updated version of the Plex Media Server was made available to all (7-MAY-2020). Unfortunately, the LastPass employee never upgraded their software to activate the patch," said Plex.
CISA has also added a remote code execution flaw in XStream, tracked as CVE-2021-39144, impacting VMware Cloud Foundation and NSX Data Center for vSphere, which the agency noted also affects other products. Both flaws should be remediated by the end of the month.
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.