this post was submitted on 20 Jan 2024
18 points (87.5% liked)

[–] [email protected] 1 points 1 year ago

This is the best summary I could come up with:


"A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution," the virtualization giant noted last year.

Additionally, according to Mandiant, UNC3886 last year abused a critical Fortinet bug to deploy custom malware to steal credentials and maintain network access via compromised devices.

In reviewing VMware crash logs, the network defenders noticed the vmdird service dying shortly before intruders deployed backdoors on a victim's systems.

Also on Friday the US government's CISA issued an emergency directive requiring federal agencies to apply mitigations to Ivanti Connect Secure devices "as soon as possible and no later than 2359 EST on Monday, January 22."

Ivanti disclosed, and issued mitigations for, two zero-days on January 10, and since then security researchers have warned that at least 1,700 devices have been compromised via the bugs, likely by Chinese nation-state attackers.

In a call with reporters on Friday, CISA Executive Assistant Director Eric Goldstein said about 15 federal agencies had the flawed Ivanti VPN servers in use, though noted they have already apparently applied the mitigations.


The original article contains 595 words, the summary contains 179 words. Saved 70%. I'm a bot and I'm open source!