#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

virtualization | Breaking Cybersecurity News | The Hacker News

Category — virtualization
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Nov 12, 2024 Virtualization / Vulnerability
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr , is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the desktop for audit, compliance, and troubleshooting purposes. Particularly, the vulnerability exploits the "combination of a carelessly-exposed MSMQ instance with misconfigured permissions that leverages BinaryFormatter can be reached from any host via HTTP to perform unauthenticated RCE," security researcher Sina Kheirkhah said. The vulnerability details are listed below - CVE-2024-8068 (CVSS score: 5.1) - Privilege escalation to NetworkService Account access CVE-2024-8069 (CVSS score: 5.1) - Limited remote code execution with the privilege of a NetworkService Account acces...
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

Nov 08, 2024 Malware / Virtualization
Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP , starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email. "What makes the CRON#TRAP campaign particularly concerning is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server," Securonix researchers Den Iuzvyk and Tim Peck said in an analysis. "This setup allows the attacker to maintain a stealthy presence on the victim's machine, staging further malicious activity within a concealed environment, making detection challenging for traditional antivirus solutions." The phishing messages purport to be an "OneAmerica survey" th...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Sep 18, 2024 Virtualization / Network Security
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol . "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution," the virtualization services provider said in a bulletin. The shortcoming is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores: 9.8), that VMware resolved in vCenter Server in June 2024. Also addressed by VMware is a privilege escalation flaw in the vCenter Server (CVE-2024-38813, CVSS score: 7.5) that could enable a malicious actor with network access to the instance to escalate privileges to root by sending a specially crafted network packet. Securit...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Aug 08, 2024 Windows Security / Vulnerability
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302 (CVSS score: 6.7) - Windows Secure Kernel Mode Elevation of Privilege Vulnerability Credited with discovering and reporting the flaws is SafeBreach Labs researcher Alon Leviev, who presented the findings at Black Hat USA 2024 and DEF CON 32 . CVE-2024-38202, which is rooted in the Windows Backup component, allows an "attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)," the tech giant said. It, however, noted that an attacker attempting to leverage the flaw would have to c...
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

Jun 18, 2024 Network Security / Vulnerability
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet CVE-2024-37081 (CVSS score: 7.8) - Multiple local privilege escalation vulnerabilities in VMware vCenter arising due to the misconfiguration of sudo that an authenticated local user with non-administrative privileges could exploit to obtain root permissions This is not the first time VMware has addressed shortcomings in the implementation of the DCE/RPC protocol. In October 2023, the Broadcom-owned virtualization services provider patched another criti...
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

May 23, 2024 Ransomware / Virtualization
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse," cybersecurity firm Sygnia  said  in a report shared with The Hacker News. The Israeli company, through its incident response efforts involving various ransomware families like LockBit, HelloKitty, BlackMatter, RedAlert (N13V), Scattered Spider, Akira, Cactus, BlackCat and Cheerscrypt, found that attacks on virtualization environments adhere to a similar sequence of actions. This includes the following steps - Obtaining initial access through phishing attacks, malicious file downloads, and exploitation of known vulnerabilities in internet-facing assets Escalating their ...
Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

May 21, 2024 Windows 11 Security
 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the tech giant  said . The Windows maker  originally announced  its decision to drop NTLM in favor of Kerberos for authentication in October 2023. NTLM's lack of support for cryptographic methods such as AES or SHA-256 notwithstanding, the protocol has also been rendered susceptible to relay attacks, a technique that has been widely exploited by the Russia-linked  APT28 actor  via zero-day flaws in Microsoft Outlook. Other changes coming to Windows 11 include enabling  Local Security Authority (LSA) protection  by default for new consumer devices and the use of v...
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Dec 01, 2023 Mobile Security / Banking Security
Cybersecurity researchers have disclosed a new sophisticated Android malware called  FjordPhantom  that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app security firm Promon  said  in an analysis published Thursday. Propagated mainly via email, SMS, and messaging apps, attack chains trick recipients into downloading a purported banking app that comes fitted with legitimate features but also incorporates rogue components. Victims are then subjected to a social engineering technique akin to telephone-oriented attack delivery ( TOAD ), which involves calling a bogus call center to receive step-by-step instructions for running the app. A key characteristic of the malware that sets it apart from other banking trojans of its kind is th...
Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Oct 25, 2023 Exploit / Vulnerability
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware  noted  in an advisory on October 19, 2023. James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw. Horizon3.ai has since made available a  PoC for the vulnerability , prompting VMware to revise its advisory this week. It's worth noting that CVE-2023-34051 is a patch bypass for a  set of critical flaws  that were addressed by VMware earlier this January that could expose users to remote code execution at...
Researchers Defeat AMD's SEV Virtual Machine Encryption

Researchers Defeat AMD's SEV Virtual Machine Encryption

May 28, 2018
German security researchers claim to have found a new practical attack against virtual machines (VMs) protected using AMD's Secure Encrypted Virtualization (SEV) technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization (SEV) technology, which comes with EPYC line of processors, is a hardware feature that encrypts the memory of each VM in a way that only the guest itself can access the data, protecting it from other VMs/containers and even from an untrusted hypervisor. Discovered by researchers from the Fraunhofer Institute for Applied and Integrated Security in Munich, the page-fault side channel attack, dubbed SEVered, takes advantage of lack in the integrity protection of the page-wise encryption of the main memory, allowing a malicious hypervisor to extract the full content of the main memory in plaintext from SEV-encrypted VMs. Here's the outline of the SEVered attack, as briefed in the paper :...
Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

May 14, 2015
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But don't panic. Though the recent vulnerability has a more terrific name than HeartBleed , it is not going to cause as much danger as HeartBleed did. Dubbed VENOM , stands for Virtualized Environment Neglected Operations Manipulation , is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory. Yes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year's HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information. Now let's know more about Ven...
Fedora 14 Introduces libjpegturbo for Faster Image Processing

Fedora 14 Introduces libjpegturbo for Faster Image Processing

Nov 05, 2010
Fedora 14, known as "Laughlin," officially launched on Tuesday, offering numerous new features aimed at enhancing the user experience for this open-source desktop operating system. Usability Focus In recent releases, Fedora, sponsored by Red Hat, has concentrated on improving usability. According to DistroWatch, Fedora is the second most popular Linux distribution after Ubuntu. Recent improvements have targeted networking, software management, and hardware support, focusing on bug fixes and stability in the latest release. Enhanced Desktop Environment One significant addition to Fedora 14 is "libjpegturbo," a library that dramatically improves performance for users loading and saving JPEG images. This library "practically halves processing time on most systems," claim the developers, even benefiting those on older hardware. Another notable feature is SPICE (Simple Protocol for Independent Computing Environment), a desktop virtualization framework enha...
Expert Insights / Articles Videos
Cybersecurity Resources