Here are the most relevant headlines of the week, take note and keep informed of all the details:
VMware critical security advisory (VMSA-2022-0021): reporting ten recently detected and patched vulnerabilities:
More info: https://www.vmware.com/security/advisories/VMSA-2022-0021.html
The Microsoft Threat Intelligence Center (MSTIC) team has published new information about the Raspberry Robin malware, first detected by the Red Canary team in September 2021.
More info: https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0206-DEV-0243
Fortinet security researchers have discovered a new botnet, called RapperBot, that specifically targets Linux systems.
More info: https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
Multiple vulnerabilities have been discovered in Apache HTTP Server affecting versions prior to 2.4.54. A remote attacker could exploit some of these vulnerabilities to trigger a denial-of-service condition, disclosure of confidential information, cross-site scripting (XSS), or circumvention of security restrictions on the target system. The vulnerability cataloged as CVE-2022-31813  stands out for having a CVSSv3 of 9.8 and its exploitation would allow the evasion of IP-based authentication control by not sending, under certain conditions, X-Forwarder-* headers.
More info: https://httpd.apache.org/security/vulnerabilities_24.html
An important remote code execution vulnerability affecting DrayTek routers has been detected by The Trellix Threat Labs team.
The exploitation of the vulnerability tracked as CVE-2022-32548 – CVSSv3 10.0 , would allow the execution of attacks that do not require user interaction, as long as the device’s management interface is configured for network services. If successful, the attacker would gain access to the device’s internal resources, completely compromise the device, and even launch attacks within the LAN from the device’s own default configuration.
More info: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
Here you have the full report of these attacks and vulnerabilities and direct links for more information.