• AutoTL;DR@lemmings.worldB
    10 months ago

    This is the best summary I could come up with:


    “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution,” the virtualization giant noted last year.

    Additionally, according to Mandiant, UNC3886 last year abused a critical Fortinet bug to deploy custom malware to steal credentials and maintain network access via compromised devices.

    In reviewing VMware crash logs, the network defenders noticed the vmdird service dying shortly before intruders deployed backdoors on a victim’s systems.

    Also on Friday the US government’s CISA issued an emergency directive requiring federal agencies to apply mitigations to Ivanti Connect Secure devices “as soon as possible and no later than 2359 EST on Monday, January 22.”

    Ivanti disclosed, and issued mitigations for, two zero-days on January 10, and since then security researchers have warned that at least 1,700 devices have been compromised via the bugs, likely by Chinese nation-state attackers.

    In a call with reporters on Friday, CISA Executive Assistant Director Eric Goldstein said about 15 federal agencies had the flawed Ivanti VPN servers in use, though noted they have already apparently applied the mitigations.


    The original article contains 595 words, the summary contains 179 words. Saved 70%. I’m a bot and I’m open source!