InfoSecBulletin Cybersecurity for mankind
VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by attackers to run malicious code. CVE-2024-38811 is a vulnerability caused by using an insecure environment variable in the application, with a CVSSv3 score of 8.8, making it important.
VMware Fusion 13.x versions on MacOS are impacted. A security flaw in VMware Fusion lets a regular user execute any code in the application.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
This flaw is worrying because it can be exploited without needing special access, so more attackers could use it.
Broadcom released an update to fix the vulnerability. Users should upgrade to VMware Fusion 13.6, the patched version.
There are no known workarounds for this vulnerability, making the update crucial for maintaining security. VMware has credited Mykola Grymalyuk of RIPEDA Consulting for responsibly reporting the issue, allowing the company to address the vulnerability before it could be exploited in the wild.
Users are advised to update VMware Fusion now to protect against exploitation. It’s crucial for organizations to prioritize this update to safeguard their systems from potential attacks.
As of now, there are no known specific exploits in circulation for CVE-2024-38811.
