NIST's guidance for a Zero Trust Architecture

Recent AD News

VMware patches critical RCE vulnerability that allowed attackers to execute code remotely

VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.

The company said in its advisory that “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”

VMware also addressed another vulnerability that allows unauthorized users to send POST requests that allow for further attacks, including the ability to scan the company’s internal network and retrieve data about the open ports of various services. The company provided workarounds for these flaws until the updates can be deployed. The workaround details can be found here.

Related posts
Recent AD News

650+ compromised credentials found to be in use within NEW Cooperative-the latest organization hit by ransomware

Recent AD News

CISA, FBI, and NSA anticipate a rise in Conti ransomware attacks, issue joint cybersecurity advisory

Recent AD News

Azure security flaw puts Zero-Trust in the spotlight

Recent AD News

Attackers use stolen credentials to intrude into the UN network

Leave a Reply

Your email address will not be published. Required fields are marked *