Working exploit available for critical vulnerability in VMware vCenter

The new variant of the exploit can be used to open a reverse shell on a vulnerable system.

A ready-made exploit for the remote code execution vulnerability in VMware vCenter (CVE-2021-22005) is now widely available, and cybercriminals are using it.

Unlike the version posted on the Internet at the end of last week, the new version of the exploit can be used to open a reverse shell on a vulnerable system, allowing an attacker to remotely execute arbitrary code.

The vulnerability allows an attacker to upload files to the vCenter Server analytics service without any authorization.

Exploit developer wvu has released an unedited exploit for CVE-2021-22005 that works on endpoints with the Customer Experience Improvement Program (CEIP) enabled, which is usually enabled by default.

However, according to VMware, the vulnerability can be exploited by “anyone who has access to the vCenter Server over the network, regardless of configuration settings.”

In his technical analysis, wvu details what his code does at each stage, from making requests that create the directory required for directory traversal to scheduling a reverse shell deployment.

As the researcher notes, although the exploit generates many files, the attack is not detected by standard security solutions, so he recommended using the Audit Framework, which collects data on both security events and events that are not related to security.

VMware disclosed CVE-2021-22005 on September 21 this year. The issue received a severity rating of 9.8 out of a maximum of 10. In a notification published last week, the Cybersecurity and Infrastructure Security Agency (CISA) urged critical infrastructure organizations using vCenter servers to prioritize updates to those machines or apply workarounds.

A few days after the release of the CISA notice, the first PoC exploit appeared on the Internet. In its original form, it was non-functional, so inexperienced script kiddies could not use it. Nevertheless, hackers with specialized skills were quite capable of turning it into a working tool for remote code execution.

Attackers began to show interest in the vulnerability just a few hours after the vendor disclosed it. Now that a full-fledged exploit is available, inexperienced hackers will join the ranks of attackers, and the number of attacks, including those using ransomware, will increase.


NASA intends to investigate UFOs “in full force”: the work will be done by specialists in aerospace security and artificial intelligence


NASA is seriously planning to do research on UFOs. The agency announced this in June, and now there are new details. The research will be led by astrophysicist David Spergel, president of the Simons Foundation in New York. The group will also include 15-17 of the world’s leading scientists, including aerospace security experts and artificial intelligence specialists.

The formation of the group is planned to be completed by October. The project is planned to run for 9 months, and the research will cost about $100,000.

According to Daniel Evans, spokesman for the Agency’s Science Mission Directorate (SMD), NASA intends to study the phenomenon “in full force”. At the same time, the agency tries to avoid the term UFO, instead using the concept of “unidentified aerial phenomena” (UAP).

Evans noted that NASA has a unique opportunity for such work. He also stated that other agencies do not enjoy such public confidence. The aim of the project is to classify the available UAP data and find ways to monitor it.

Earlier, NASA launched a service that shows how the human voice sounds on Mars.


Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal


At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. Admittedly, this was not a classic software hack, since the researcher had to build a so-called “modchip”.

The cost of manufacturing the chip, which is connected to a Starlink subscriber terminal, was $25. The chip caused a brief short circuit that disabled the built-in protection systems, after which the specialist gained access to the terminal. From there, any commands can be run.

“Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code,” Wouters said.

According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this attack requires direct access to the subscriber equipment, which is not the easiest route, while the Starlink system itself appears to be well protected against remote hacking. So its users hardly need to worry.


Hackers hacked Europe’s largest missile manufacturer


Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The hackers estimated the total amount of stolen data at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.)”, the hackers wrote.

Adrastea is ready to discuss the price of the stolen data. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.
