The main attacks and vulnerabilities found by our experts last week: July 9th-15th.

Our weekly report covers the main attacks and vulnerabilities found by our teams of experts.

Here are the most relevant headlines of the week:

Rozena: backdoor distributed by exploiting Follina vulnerability

Fortinet researchers have published an analysis of a malicious campaign that distributes a new backdoor by exploiting the well-known Follina vulnerability (CVE-2022-30190).

The name of this new malware is Rozena. Its function is to inject a reverse shell that connects back to the attacker's host, allowing malicious actors to take control of the victim's system. It also enables monitoring and information capture, and/or maintaining a backdoor to the compromised system.

Phishing campaign via Anubis Network

Segurança Informatica, a Portuguese media outlet, has published details of a new wave of a persistent phishing campaign that uses the Anubis Network portal to set up its attacks and has been active since March 2022.

The affected users are mainly in Portugal and Brazil and receive smishing or phishing messages from financial services.

Vulnerability in the authentication of an AWS Kubernetes component

Security researcher Gafnit Amiga has discovered several security flaws in the authentication process of AWS IAM Authenticator, a component for Kubernetes used by Amazon Elastic Kubernetes Service (EKS).

An upgrade to AWS IAM Authenticator for Kubernetes version 0.5.0 is recommended for customers who manage their own clusters and use the “AccessKeyID” parameter of the authenticator plugin.

VMware fixes vCenter Server vulnerability

VMware has recently published a new version of vCenter Server, 7.0 3f, which corrects, eight months later, a vulnerability in the integrated Windows authentication mechanism. The flaw was discovered by CrowdStrike and is tracked as CVE-2021-22048.

The company has provided mitigation measures for those who are unable to upgrade to the latest patched version.

Microsoft fixes an actively exploited 0-day

Microsoft's bulletin for the month of July fixes a total of 84 vulnerabilities, including one actively exploited 0-day. Of the total number of flaws:

  • 5 correspond to denial-of-service vulnerabilities
  • 11 to information disclosure
  • 4 to security feature bypass
  • 52 to elevation of privilege
  • 12 to remote code execution

Within this last type are the four vulnerabilities classified as critical (CVE-2022-30221, CVE-2022-22029, CVE-2022-22039, CVE-2022-22038); the rest of the vulnerabilities are of high severity.

Download the full report of these attacks and vulnerabilities for more information.
