The main attacks and vulnerabilities found by our experts last week: 24th - 30th September
Here are the most relevant headlines of the week; take note and keep informed of all the details:
It has recently come to light that WhatsApp has fixed two 0-day vulnerabilities affecting the Android and iOS versions of the app, rated critical with a CVSS score of up to 9.8. Both flaws, CVE-2022-36934 and CVE-2022-27492, would allow attackers to execute arbitrary code remotely.
The affected WhatsApp versions are those prior to v2.22.16.2 on Android and v2.22.15.9 on iOS. There are currently no known active attempts to exploit either flaw.
The Vietnamese cybersecurity team GTSC reported two 0-day vulnerabilities in Microsoft Exchange three weeks ago through the Zero Day Initiative (ZDI); threat actors are actively exploiting them.
Microsoft currently recommends considering a temporary mitigation that blocks attack attempts by adding a new rule in IIS via the URL Rewrite Rule module.
The Mandiant research team has discovered a new malware family targeting VMware systems and aimed at installing multiple persistent backdoors on ESXi hypervisors. Mandiant links its discovery to the threat actor tracked as UNC3886, which appears to have focused on developing and deploying malware on systems that do not normally support EDR.
The detected malware currently targets VMware ESXi, Linux vCenter servers, and Windows virtual machines. It would allow transferring files between hypervisors and guest machines, modifying registries, and executing arbitrary commands between virtual machines.
Researchers at Black Lotus Labs have released a statement with information about the Chaos malware, a new multi-functional Go-based botnet that has been expanding rapidly in recent months.
The victims of its attacks tend to be European, although the bots are also being distributed across devices in the Americas and Asia.
First detected in April, Chaos is developed for Windows and Linux devices and can infect various architectures. It is capable of performing DDoS attacks and cryptomining, establishing persistence, and propagating automatically, either by brute-forcing private SSH keys or by using stolen SSH keys.
Sophos has reported the discovery of a critical vulnerability affecting the Sophos Firewall User Portal and Webadmin, allowing an attacker to perform remote code execution (RCE).
The security flaw, listed as CVE-2022-3236 with a CVSS score of 9.8, is reportedly being used in already-reported campaigns primarily affecting organizations in the South Asia region, the company said. Sophos has released fixes to address the vulnerability, which affects Sophos Firewall v19.0 MR1 (19.0.1) and earlier.