The new variant of the exploit can be used to open a reverse shell on a vulnerable system.
A ready-made exploit for the remote code execution vulnerability in VMware vCenter (CVE-2021-22005) is now widely available, and cybercriminals are using it.
Unlike the version posted on the Internet at the end of last week, the new version of the exploit can be used to open a reverse shell on a vulnerable system, allowing an attacker to remotely execute arbitrary code.
The vulnerability allows an attacker to upload files to the vCenter Server analytic service without any authorization.
Exploit developer wvu has released an unedited exploit for CVE-2021-22005 that works on endpoints with the Customer Experience Improvement Program (CEIP) enabled, which is usually enabled by default.
However, according to VMware, the vulnerability can be exploited by “anyone who has access to the vCenter Server over the network, regardless of configuration settings.”
In his technical analysis, wvu details what his code does at each stage, from making requests that create the directory required for directory traversal to planning the deployment of a reverse shell.
As the researcher notes, although the exploit generates many files, the attack is not detected by standard security solutions, so he recommended using the Audit Framework, which collects data on both security events and events that are not related to security.
VMware disclosed CVE-2021-22005 on September 21 this year. The issue received a severity rating of 9.8 out of a maximum of 10. In a notification published last week, the Cybersecurity and Infrastructure Security Agency (CISA) urged critical infrastructure organizations using vCenter servers to prioritize updates to those machines or apply workarounds.
A few days after the release of the CISA notice, the first PoC exploit appeared on the Internet. In its original form, it was non-functional, so inexperienced script kiddies could not use it. Nevertheless, hackers with specialized skills were quite capable of turning it into a working tool for remote code execution.
Attackers began to show interest in the vulnerability just a few hours after the manufacturer disclosed it. Now that a full-fledged exploit is available, inexperienced hackers will join the ranks of attackers and the number of attacks, including those using ransomware, will increase.
NASA intends to investigate UFOs “in full force” – this will be done by specialists in aerospace security and artificial intelligence
NASA is seriously planning to do research on UFOs. The agency announced this in June, and now there are new details. The research will be led by astrophysicist David Spergel, president of the Simons Foundation in New York. The group will also include 15-17 of the world’s leading scientists, including aerospace security experts and artificial intelligence specialists.
The formation of the group is planned to be completed by October. The project itself is designed for 9 months, and the cost of research will be about $100,000.
According to Daniel Evans, spokesman for the Agency’s Science Mission Directorate (SMD), NASA intends to study the phenomenon “in full force”. At the same time, the agency tries to avoid the term UFO, instead using the concept of “unidentified aerial phenomena” (UAP).
Evans noted that NASA has a unique opportunity for such work. He also stated that other agencies do not enjoy such public confidence. The aim of the project is to classify the available UAP data and find ways to monitor it.
Earlier, NASA launched a service that shows how the human voice sounds on Mars.
Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal
At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.
The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a brief short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. From there, any commands can be run on it.
“Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code,” Wouters said.
According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.
Hackers hacked Europe’s largest missile manufacturer
Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.
The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.
The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.)”, the hackers wrote.
Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.
MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.