Dangerous VMware Vulnerability; CISA Warns On: Pulse Secure VPN Servers; Microsoft Windows Defender Definition Crash Issue; Malicious Libraries In RubyGems Repository

VMware recently released a patch for a vulnerability in vCenter management product; the vulnerability was given a CVSS score of 10. It is now known that the flaw could be exploited by anyone on the network to create new administrator accounts in the vCenter Directory. Admins are urged to apply the patch as soon as possible.

Read more in

A patch was made available for an arbitrary file reading vulnerability in Pulse Secure VPN a year ago. However, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned that even if an organization has applied the fix, hackers could still use credentials stolen before the flaw was patched to access the system unless the organization has changed those credentials. Hackers used stolen Active Directory credentials to place ransomware on systems at US hospitals.

Read more in

A recent Windows Defender definition update caused Windows 10 machines running the Microsoft anti-malware component to crash while in the middle of a full antivirus scan. Late last week, Microsoft pushed out a new definition to fix the problem.

Read more in

Hackers uploaded malicious files to the RubyGems package manager. The files have names that are a character or two off from legitimate files. If users download the malicious libraries, the software they build with them will include bitcoin stealing malware.

Read more in

Users can check to see whether their ISP is using features that improve the stability of the Border Gateway Protocol (BGP) through the "Is BGP Safe Yet" site. Sometimes BGP problem are accidental, sending traffic on unexpected routes, and sometimes it is deliberately disrupted, hijacked to route traffic through certain servers so attackers can steal data.

Read more in

GitHub users are being targeted in a phishing scheme. The message in the malicious email says that unauthorized activity has been detected on a user's account, and provides a link that purportedly will show the questionable activity. Instead, the link takes users to a phony GitHub login page where their credentials could be stolen. Attackers have been accessing accounts of people who have fallen for the phish and have been downloading the contents of their repositories.

Read more in

Hackers stole a total of $25 million worth of cryptocurrency from Lendf.me and Uniswap. The thefts are being investigated; they are believed to be related. The hackers used a combination of vulnerabilities and legitimate features to steal the funds.

Read more in

The government of the German state of North Rhine-Westphalia appears to have lost between [euro]31.5 million ($34.2 million) and [euro]100 million ($109 million) to a phishing scheme. The funds were meant to be distributed to individuals and companies affected by the COVID-19 pandemic. The thieves set up a website that looked just like the one the North Rhine-Westphalia government created to help distribute the money. The thieves then sent links to their site, harvested information from people and organizations applying for the funds, and used the information to direct the payments into bank accounts under their control.

Read more in

IT services company Cognizant was the target of a ransomware attack last week. The company notified its clients and shared "indicators of compromise" with them so they could take steps to protect their systems. Forensic information shared with Cognizant clients suggests that the Maze ransomware was used in the attack.

Read more in

A press statement from the US Department of State expresses concern of a recent warning from the Czech Republic's National Cyber and Information Security Agency that hackers were targeting organizations in the country's healthcare sector. Reuters reports that the Prague Airport and a hospital in the Czech Republic both say they staved off cyberattacks against their IT systems.

Read more in

The UK Ministry of Defence (MoD) is temporarily suspending certain cybersecurity requirements for its contractors. Until the COVID-19 threat abates, UK defence contractors will not need the Cyber Essentials Plus cybersecurity certification, which requires a visit from a third-party assessor.

Read more in

Students at the Australian National University (ANU) are protesting the school's plan to install monitoring software on their home computers to ensure that they do not cheat on exams. The software Proctorio, identifies students biometrically, locks down the system to prevent outside information from being transmitted during the exam, and records the environment during the exam. It also tracks students' eye movements. In a separate story, some schools in the US are using Proctorio as well as live remote proctors to monitor students during exams.

Read more in

The US Supreme Court has agreed to review a case in which a former police officer was convicted of violating the Computer Fraud and Abuse Act (CFAA) for accessing data in a system he was authorized to use for a non-work-related purpose. Critics of the CFAA say the 34-year-old is overly broad and does not serve the current cyber climate.

Read more in