Here are the top security stories from recent weeks.
- VMware Releases Critical Security Update for vCenter Server Vulnerability Allowing Remote Code Execution and Control
- Hewlett Packard Enterprise (HPE) Fixes Critical Vulnerability in Server Systems Management Software
- Threat Group Behind SolarWinds Using Legitimate Mass-Emailing Service to Distribute Malicious URLs
- Canada Post Supplier Attack Results in Data Breach Impacting 950,000 Recipients
- Fujitsu Hack Results in Multiple Japanese Agency Data Breaches
VMware has patched a vulnerability rated 9.8/10 in its widely used vCenter Server management platform that can allow attackers to execute commands on vCenter hosts. vCenter Server does not need to be exposed to the internet for the vulnerability to be exploited; it can be exploited by attackers who are already inside the network or who can otherwise reach vCenter Server over port 443. The vulnerability is tracked as CVE-2021-21985. In addition to the security update, VMware has also released workarounds to mitigate the vulnerability.
HPE has released a security fix for a critical zero-day vulnerability in its Systems Insight Manager (SIM) remote server management software, first disclosed in December 2020. HPE has rated the remote code execution vulnerability as critical (9.8/10) because it can be exploited without elevated privileges or user interaction. HPE has also provided mitigation information for organizations that cannot apply the security update immediately. The vulnerability is tracked as CVE-2020-7200 and affects only the Windows version of the SIM 7.6.x software.
Microsoft Threat Intelligence Center (MSTIC) has discovered that the threat actor group behind the SolarWinds compromise is using a legitimate mass-emailing service, Constant Contact, to run email campaigns that distribute malicious URLs aimed at establishing persistence on victim networks. The group poses as the U.S. Agency for International Development (USAID), a U.S. development organization, and targets a range of organizations and industry verticals. MSTIC has published mitigations and IOCs for the campaign.
The personal information of over 950,000 Canada Post parcel recipients was exposed after a supplier, Commport Communications, was compromised in a malware attack. Names, postal addresses, email addresses, and phone numbers were among the exposed data. Canada Post, Canada’s largest postal operator, has since informed its 44 impacted business customers of the attack.
Attackers accessed over 76,000 email addresses and proprietary information belonging to Japanese agencies, including the Ministry of Land, Infrastructure, Transport and Tourism and the National Cyber Security Center (NISC). The email addresses and information were obtained after attackers gained access to government systems through Fujitsu’s ProjectWEB information sharing tool. Fujitsu has since suspended the ProjectWEB online portal while the incident is under investigation.
To learn about secure access service edge (SASE) and how it can protect organizations from exposure of sensitive information, malware, and web-based attacks, download our SASE with Bitglass technical brief below.