Welcome to Security Center – our weekly update on the most devastating cyberattacks, high-severity vulnerabilities, and biggest data leaks – precisely selected by our editors.
Don’t miss it out! Sign up now and have it delivered to your inbox each Monday to start a week safe and sound. Additionally, you will receive a portion of the hottest company news and access to selected technical articles written by our experts with advice and tricks for more effective protection of your IT infrastructure.
In the meantime, let’s check what happened in the cyber-world last week.
VMware patches high-severity vulnerabilities in vRealize Operations
VMware patched a series of vulnerabilities in vRealize Operations. The most severe – CVE-2021-22025, CVSS score of 8.6 – is described as a broken access control vulnerability in the vRealize Operations Manager API. An attacker who has network access to the vRealize Operations Manager API could exploit the vulnerability to add new nodes to an existing vROps cluster. The company also addressed an arbitrary log-file read vulnerability in the vRealize Operations Manager API (CVE-2021-22024, CVSS score of 7.5) and two server-side request forgery (SSRF) vulnerabilities (CVE-2021-22026 and CVE-2021-22027, CVSS score of 7.5). The vendor encourages customers to install all updates as soon as possible, to ensure they remain protected.
Microsoft spills 38 million sensitive data records via careless Power App configs
For months, Microsoft’s Power Apps management portal had inadvertently leaked the data of 47 businesses totaling the exposure of 38 million personal records. Leaked data sets contain COVID-19 vaccination statuses, Social Security numbers, and email addresses. Consumers most affected are those doing business with American Airlines, Ford, the Indiana Department of Health, and New York City public schools. MS Power Apps is a tool mostly used by developers to build applications that share data locally or with the cloud. Hence, Microsoft does not consider the leaky data issue a vulnerability, rather a configuration issue. Case closed? Not for long. The company released a tool for checking Power Apps portals for leaky data. Microsoft also plans to change the product so that table permissions will be enforced by default. Much better…
Malicious WhatsApp version infects Android devices with malware
A malicious version of the FMWhatsApp mod delivers a Triada trojan payload, a nasty surprise that infects devices with up to six additional malware applications, including the very hard-to-remove xHelper trojan. The payload could be used to conduct a wide range of malicious activities, including downloading additional modules, stealthily subscribing the victims to premium services, and signing into WhatsApp accounts on the device. The attackers can also take control of the WhatsApp accounts and spread spam sent on behalf of the victims. Affected is version 16.80.0. The app, only available via unofficial third-party app stores, is one of many popular WhatsApp mods that allow users to add functionality to Facebook’s WhatsApp messenger.
More IT security must-reads
- Ransomware gang’s script shows exactly the files they’re after (Bleeping Computer)
- Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395) (Help Net Security)
- New zero-click iPhone exploit used to deploy NSO spyware (Bleeping Computer)
- Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions (The Hacker News)
- Microsoft Exchange servers being hacked by new LockFile ransomware (Bleeping Computer)
- Joker Virus is Back, Targeting Android Devices (E Hacking News)
- Poly Network Recoups $610M Stolen from DeFi Platform (Threat Post)
- Ragnarok ransomware releases master decryptor after shutdown (Bleeping Computer)
- Critical Flaw Discovered in Cisco APIC for Switches – Patch Released (The Hacker News)
- Synology: Multiple products impacted by OpenSSL RCE vulnerability (Bleeping Computer)