The main attacks and vulnerabilities found by our experts last week: 24th to 30th September

Check in our weekly report the main attacks and vulnerabilities found by our teams of experts.

Here are the most relevant headlines of the week, take note and keep informed of all the details:

WhatsApp fixes critical 0-day vulnerabilities

It has recently come to light that WhatsApp has fixed two 0-day vulnerabilities affecting its Android and iOS versions, rated up to 9.8 on the CVSS scale and therefore critical. Both flaws, CVE-2022-36934 and CVE-2022-27492, would allow attackers to execute arbitrary code remotely.

The versions of WhatsApp affected by these vulnerabilities are those prior to v2.22.16.2 on Android and v2.22.15.9 on iOS. There are currently no known active attempts to exploit either flaw.


Two 0-day vulnerabilities exploited in Microsoft Exchange

The Vietnamese cybersecurity team GTSC reported two 0-day vulnerabilities in Microsoft Exchange three weeks ago through the Zero Day Initiative (ZDI); threat actors are actively exploiting them.

Microsoft currently recommends a temporary mitigation that blocks attack attempts by adding a new rule in IIS via the URL Rewrite module.


New malware on VMware ESXi with backdoor capabilities

The Mandiant research team has discovered a new malware family targeting VMware systems and aimed at installing multiple persistent backdoors on ESXi hypervisors. Mandiant links its discovery to the threat actor tracked as UNC3886, which appears to have focused on developing and deploying malware on systems that do not normally support EDR.

The detected malware currently targets VMware ESXi, Linux vCenter servers, and Windows virtual machines. It would allow transferring files between hypervisors and guest machines, modifying registries, and executing arbitrary commands across virtual machines.


Chaos: versatile Go-based malware

Researchers at Black Lotus Labs have released a statement with information about the Chaos malware, a new multi-functional Go-based botnet that has been expanding rapidly in recent months.

The victims of its attacks tend to be European, although bots are also being distributed across devices in the Americas and Asia.

First detected in April, Chaos is developed for Windows and Linux devices and can infect various architectures. It is capable of performing DDoS attacks and cryptomining, establishing persistence, and propagating automatically, either by brute-forcing SSH credentials or by using stolen SSH private keys.


Critical vulnerability in Sophos Firewall actively exploited

Sophos has reported the discovery of a critical vulnerability affecting the Sophos Firewall User Portal and Webadmin that allows an attacker to perform remote code execution (RCE).

The security flaw, listed as CVE-2022-3236 with a CVSS score of 9.8, is reportedly being used in campaigns primarily affecting organizations in the South Asia region, which have already been reported to the company, Sophos said. Sophos has released fixes to address the vulnerability, which affects Sophos Firewall v19.0 MR1 (19.0.1) and earlier.
