A Chinese security researcher reports that an unaddressed flaw in vCenter Server, the centralized management utility for VMware, leaves thousands of servers vulnerable to remote attacks without the need for user interaction, according to Cyber Defense Magazine.
VMware has issued an advisory on the vulnerability, designated CVE-2021-21972.
“VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8,” the advisory said. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
Bad Packets employees have reported an increase in scanning activity for vulnerable servers in the aftermath of the flaw’s publication. A query of the Shodan search engine turns up more than 6,700 VMware vCenter servers that are reachable online and potentially vulnerable to the flaw.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.