Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft

A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments. [TechWeb]( Follow Dark Reading: [RSS]( June 19, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft]( A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments. [Scattered Spider Pivots to SaaS Application Attacks]( Microsoft last year described the threat actor — known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus — as one of the most dangerous current adversaries. [Cut & Paste Tactics Import Malware to Unwitting Victims]( "ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers. [Blackbaud Fined $6.75M After 2020 Ransomware Attack]( Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said. [The Software Licensing Disease Infecting Our Nation's Cybersecurity]( Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Apple Intelligence Could Introduce Device Security Risks]( The company focused heavily on data and system security in the announcement of its generative AI platform, Apple Intelligence, but experts worry that companies will have little visibility into data security. [Addressing Misinformation in Critical Infrastructure Security]( As the lines between the physical and digital realms blur, widespread understanding of cyber threats to critical infrastructure is of paramount importance. [Space: The Final Frontier for Cyberattacks]( A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race. [Name That Toon: Future Shock]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine]( The Arid Viper APT group is deploying AridSpy malware with Trojanized messaging applications and second-stage data exfiltration. [MORE]( PRODUCTS & RELEASES [DataBee Launches Innovations for Enhanced Threat Monitoring and Zero Trust Implementation]( [KnowBe4 Launches PhishER Plus Threat Intel Feature]( [Aim Security Closes $18M Series A to Secure Generative AI Enterprise Adoption]( [KnowBe4 Launches Risk & Insurance Partner Program]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Emojis Control the Malware in Discord Spy Campaign]( Pakistani hackers are spying (▀̿Ĺ̯▀̿ Ì¿) on the highly sensitive organizations in India by using emojis (Ô¾_Ô¾) as malicious commands (⚆ᗝ⚆) and the old Dirty Pipe Linux flaw. LATEST FROM THE EDGE [MITRE: US Government Needs to Focus on Critical Infrastructure]( With the presidential election this year and an increase in cyberattacks and conflicts around the world, MITRE has outlined four important areas the incoming administration should focus on next year. LATEST FROM DR TECHNOLOGY [Inside Baseball: The Red Sox Cloud Security Game]( Inside the baseball team's strategy for building next-gen security operations through zero trust and initiatives aiming to safeguard team data, fan info, and the iconic Fenway Park — which, by the way, is now a smart stadium. LATEST FROM DR GLOBAL [Bug Bounty Programs, Hacking Contests Power China's Cyber Offense]( With the requirement that all vulnerabilities first get reported to the Chinese government, once-private vulnerability research has become a goldmine for China's offensive cybersecurity programs. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Cyber Threat Intelligence Empowers the C-Suite]( - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [2023 Global Threat Report]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124106&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.19.24&sp_cid=53982&utm_content=DR_NL_Dark%20Reading%20Daily_06.19.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#fb If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)