We also wrote that Some Versions of VMware Carbon Black Cause BSODs on Windows.
Let me remind you that the CVE-2022-22954 vulnerability is associated with remote arbitrary code execution and affects VMware Workspace ONE Access. The bug scored 9.8 out of 10 on the CVSS vulnerability rating scale, and VMware discovered and fixed the issue on April 6 this year. However, the attackers reversed this fix and within 48 hours created an exploit, which was then used to compromise yet unpatched servers.
Let me remind you that we also wrote that Hackers leaked credentials of 500,000 Fortinet VPN accounts to the public.
Fortinet developers reported a critical vulnerability in their products earlier this week, and released patches for a dangerous problem that was already under attack at that time.Authentication bypass using alternative path or channel [CWE-88] in FortiOS and FortiProxy allows [...]
These credentials were allegedly copied from vulnerable devices last summer. The attackers say that the vulnerability used to collect information has already been fixed, but many of the credentials are still valid.
Bleeping Computer writes that the list of credentials was released free of charge by hacker Orange, who is the administrator of the recently launched hack forum RAMP and a former operator of Babuk.
Previously, due to disagreements between members of the hack group Bubuk, Orange separated from the team to found RAMP, [...]
Fortinet — is an American company that specializes in the development and promotion of software, solutions and services in the field of information security.
In the Joint Cybersecurity Advisory (CSA) published, the agencies warn admins and users that the state-sponsored hacking groups are “likely” exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
“APT groups can use these vulnerabilities and other [...]
As a result, security solutions can be used for file manipulation attacks, and malware can gain elevated rights in the system.
Errors of this kind have been found in products from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender.
Currently, developers have already fixed all the problems, and the identifiers assigned to them can be seen below (Avast and F-Secure solutions are still awaiting CVE [...]