Malware

Researchers warn that a vulnerability patched this month in VMware Aria Operations for Networks, formerly known as vRealize Network Insight, is now seeing exploitation en masse. The flaw allows for remote code execution through command injection and is rated with critical severity. “New data from Akamai shows the scale of active scanning for sites vulnerable to CVE-2023-20887 is much greater than originally reported,” researchers from Akamai told CSO via email. “There have been 695,072 total…

Personal data of over 45,000 public school students was compromised in a breach involving the file-transfer software MOVEit, according to a community letter sent to families and staff by the New York City Department of Education. “DOE used MOVEit to transfer documents and data internally as well as to and from vendors, including third party special education service providers,” the letter said.   The breach is the latest expoit of a SQL injection vulnerability found…

A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines.  Personal information, including name and social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised, according to breach notifications from the airlines.  Breach at third-party vendor On May 3, both airlines were informed that their third-party vendor, pilotcredentials.com,…

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and…

Millions of GitHub repositories are potentially vulnerable to RepoJacking, which allows attackers to carry out code execution on organizations’ internal environments or on their customers’ environments, according to research by AquaSec.  AquaSec analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% were vulnerable to RepoJacking, including repositories belonging to companies such as Google and Lyft.  What is RepoJacking? On GitHub, organizations have usernames and repository names. In instances such as a…

An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in a country in the Americas and a corporation that sells products in Central and South America. There was also one…