Similar articles

Id      Source       Date       Prob   Score  Title
232272  ARSTECHNICA  2022-5-18         1.000  2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms
232312  ZDNET        2022-5-19  0.711  0.584  Patch these vulnerable VMware products or remove them from your network, CISA warns federal agencies
232001  VENTUREBEAT  2022-5-18  0.004  0.458  New Relic releases new vulnerability management solution
232189  ZDNET        2022-5-16  0.017  0.440  Nasty Zyxel remote execution bug is being exploited
232193  ZDNET        2022-5-16         0.420  Microsoft warns: This botnet has new tricks to target Linux and Windows systems
231989  ZDNET        2022-5-16         0.356  CISA 'temporarily' removes Windows vulnerability from its must-patch list
231999  ZDNET        2022-5-18         0.353  FBI and NSA say: Stop doing these 10 things that let the hackers in
232243  VENTUREBEAT  2022-5-18         0.327  How weaponized ransomware is quickly becoming more lethal
232485  VENTUREBEAT  2022-5-20         0.318  What the U.S. government’s security testing protections mean for enterprises
231997  ZDNET        2022-5-18         0.314  Wizard Spider hackers hire cold callers to scare ransomware victims into paying up
232288  ZDNET        2022-5-20         0.305  Microsoft: This botnet is growing fast and hunting for servers with weak passwords
232237  VENTUREBEAT  2022-5-20         0.298  Report: Frequency of cyberattacks in 2022 has increased by almost 3M
232291  ZDNET        2022-5-20         0.289  Fake domains offer Windows 11 installers - but deliver malware instead
232430  ARSTECHNICA  2022-5-20         0.283  Researchers find backdoor lurking in WordPress plugin used by schools
232328  ZDNET        2022-5-19         0.276  This Russian botnet does far more than DDoS attacks - and on a massive scale
232331  ZDNET        2022-5-19         0.275  Cyberattacks and misinformation activity against Ukraine continues say security researchers
231985  ARSTECHNICA  2022-5-18         0.273  New Bluetooth hack can unlock your Tesla—and all kinds of other devices
232219  ZDNET        2022-5-20         0.271  Microsoft's out-of-band patch fixes Windows AD authentication failures
232083  VENTUREBEAT  2022-5-17         0.263  Google Cloud launches open-source service and new zero-trust offering
232138  VENTUREBEAT  2022-5-15         0.259  Car hack attacks: It’s about data theft, not demolition
232208  ZDNET        2022-5-17         0.259  FBI: Hackers used malicious PHP code to grab credit card data
232363  ZDNET        2022-5-19         0.250  US Justice Department won't prosecute white-hat hackers under the CFAA
232087  VENTUREBEAT  2022-5-17         0.245  Sevco Security delivers continuous asset IT inventory monitoring
232047  ARSTECHNICA  2022-5-16         0.240  Researchers devise iPhone malware that runs even when device is turned off
232191  ZDNET        2022-5-16         0.240  Researchers warn of APTs, data leaks as serious threats against UK financial sector

ID: 232272
Date: 2022-05-18

2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

Security flaws in VMware and F5's BIG-IP are being exploited by malicious hackers.

Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware. The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said. Both vulnerabilities give attackers the ability to remotely execute malicious code or commands that run with unfettered root system privileges. The largely uncoordinated exploits appear to be malicious, as opposed to benign scans that attempt to identify vulnerable servers and quantify their number.

On April 6, VMware disclosed and patched a remote code execution vulnerability tracked as CVE-2022-22954 and a privilege escalation flaw tracked as CVE-2022-22960. According to an advisory published on Wednesday by the Cybersecurity and Infrastructure Security Agency, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices. CISA said the actors were likely part of an advanced persistent threat, a term for sophisticated and well-financed hacker groups typically backed by a nation-state. Once the hackers have compromised a device, they use their root access to install a webshell known as Dingo J-spy on the networks of at least three organizations.

"According to trusted third-party reporting, threat actors may chain these vulnerabilities. At one compromised organization, on or around April 12, 2022, an unauthenticated actor with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user," Wednesday's advisory stated. "The actor then exploited CVE-2022-22960 to escalate the user's privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems."

Independent security researcher Troy Mursch said in a direct message that exploits he's captured in a honeypot have included payloads for botnet software, webshells, and cryptominers.

CISA's advisory came the same day VMware disclosed and patched two new vulnerabilities. One of the vulnerabilities, CVE-2022-22972, also carries a severity rating of—you guessed it—9.8. The other one, CVE-2022-22973, is rated 7.8. Given the exploits already underway for the VMware vulnerabilities fixed last month, CISA said it expects malicious cyber actors to quickly develop a capability to exploit the newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products.

Meanwhile, enterprise networks are also under attack from hackers exploiting CVE-2022-1388, an unrelated vulnerability with a 9.8 severity rating found in BIG-IP, a software package from F5. Nine days ago, the company disclosed and patched the vulnerability, which hackers can exploit to execute commands that run with root system privileges. The scope and magnitude of the vulnerability prompted marvel and shock in some security circles and earned it a high severity rating. In more recent days, however, researchers captured thousands of malicious requests that demonstrate a significant portion of the exploits are used for nefarious purposes.

In an email, researchers from security firm Greynoise wrote: "Given that the requests involving this exploit require a POST request and result in an unauthenticated command shell on the F5 Big-IP device, we have classified actors using this exploit as malicious. We have observed actors using this exploit through anonymity services such as VPNs or TOR exit nodes in addition to known internet VPS providers. We expect actors attempting to find vulnerable devices to utilize non-invasive techniques that do not involve a POST request or result in a command shell, which are catalogued in our tag for F5 Big-IP crawlers: https://viz. crawler. This crawler tag did experience a rise in traffic correlated with the release of CVE-2022-1388."

Mursch said that the BIG-IP exploits attempt to install the same trio of webshells, malware for performing distributed denial-of-service attacks, and cryptominers seen in the attacks on unpatched VMware machines. The image below, for instance, shows an attack that attempts to install widely recognized DDoS malware. The following three images show hackers exploiting the vulnerability to execute commands that fish for encryption keys and other types of sensitive data stored on a compromised server.
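The distinction Greynoise draws above (exploit traffic is a POST that yields an unauthenticated command shell, while hunting for vulnerable devices uses non-invasive requests with no POST) can be turned into first-pass triage over management-interface access logs. The script below is an added example and is not code from the article, Greynoise or F5. It assumes Apache/nginx combined-format log lines, a hypothetical management-API path prefix MGMT_PREFIX, a constructed list of anonymity-service exit addresses, and that the log was taken from the internet-facing side of the device, where no legitimate administrative POST traffic is expected. The sample log lines are constructed.

```python
"""First-pass triage of management-interface access logs: separate
exploit-style requests (POST to the management API) from scan-style
requests (non-invasive GET/HEAD probing), the distinction the article
reports Greynoise using for CVE-2022-1388 traffic.

Added example; not code from the article, Greynoise or F5. Assumptions:
Apache/nginx "combined" log format, a hypothetical management-API prefix
MGMT_PREFIX, and logs taken from the internet-facing side, where no
legitimate administrative POST traffic is expected.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional

MGMT_PREFIX = "/mgmt/"  # hypothetical prefix of the management API

# Constructed list of anonymity-service exits (RFC 5737 test addresses).
# A deployment would load a current Tor-exit / VPN-egress feed instead.
ANONYMITY_EXITS = {"198.51.100.7", "198.51.100.99"}

# Constructed sample lines; none is a real capture.
SAMPLE_LOG = [
    '203.0.113.10 - - [09/May/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [09/May/2022:10:01:03 +0000] "GET /mgmt/example-endpoint HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/May/2022:10:02:14 +0000] "POST /mgmt/example-endpoint HTTP/1.1" 200 130 "-" "python-requests/2.27"',
    '198.51.100.7 - - [09/May/2022:10:02:15 +0000] "POST /mgmt/example-endpoint HTTP/1.1" 200 130 "-" "python-requests/2.27"',
    '192.0.2.44 - - [09/May/2022:10:03:00 +0000] "POST /mgmt/example-endpoint HTTP/1.1" 401 0 "-" "curl/7.79"',
    'this line is malformed and must be skipped, not crash the parser',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)


class Request(NamedTuple):
    src: str
    ts: str
    method: str
    path: str
    status: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return Request(m["src"], m["ts"], m["method"], m["path"], int(m["status"]))


def classify(req: Request) -> str:
    """Label a request: exploit_success, exploit_attempt, scan or other."""
    if not req.path.startswith(MGMT_PREFIX):
        return "other"  # not aimed at the management API
    if req.method == "POST":
        # A 2xx answer to an unauthenticated POST on the management API is
        # the outcome the article describes (a command shell); a 401/403
        # is the same attempt, refused.
        return "exploit_success" if 200 <= req.status < 300 else "exploit_attempt"
    return "scan"  # GET/HEAD probing, the non-invasive crawler pattern


def summarize(lines: List[str]) -> Dict[str, dict]:
    """Aggregate per source address: label counts, anonymity flag, verdict."""
    per_source: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        req = parse_line(line)
        if req is not None:
            per_source[req.src][classify(req)] += 1

    report = {}
    for src, counts in per_source.items():
        exploit_hits = counts["exploit_attempt"] + counts["exploit_success"]
        if exploit_hits:
            verdict = "malicious"
        elif counts["scan"]:
            verdict = "scanner"
        else:
            verdict = "benign"
        report[src] = {
            "counts": dict(counts),
            "anonymity_exit": src in ANONYMITY_EXITS,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(f"{src:15} {info['verdict']:9} exit={info['anonymity_exit']} {info['counts']}")
```

Running the file prints one line per source address with its verdict, whether it came through a listed anonymity exit, and the label counts. The verdicts are deliberately coarse: a source that only issues GET requests against the management API is reported as a scanner, any POST there is reported as malicious, and a 2xx response to such a POST is the case worth escalating first, since it is the successful outcome the article describes rather than a refused attempt.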