VMware bug with 9.8 severity rating exploited to install witch’s brew of malware

flyynews by flyynews
October 24, 2022
in Tech
Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various ransomware and cryptocurrency miners, a researcher at security firm Fortinet said on Thursday.

CVE-2022-22954 is a remote code execution vulnerability in VMware Workspace ONE Access that carries a severity rating of 9.8 out of a possible 10. VMware disclosed and patched the vulnerability on April 6. Within 48 hours, hackers reverse-engineered the update and developed a working exploit that they then used to compromise servers that had yet to install the fix. VMware Workspace ONE Access helps administrators configure a suite of apps employees need in their work environments.

In August, researchers at FortiGuard Labs saw a sudden spike in exploit attempts and a major shift in tactics. Whereas before the hackers installed payloads that harvested passwords and collected other data, the new surge brought something else: ransomware known as RAR1ransom, a cryptocurrency miner known as GuardMiner, and Mirai, software that corrals Linux devices into a massive botnet for use in distributed denial-of-service attacks.


“Although the critical vulnerability CVE-2022-22954 is already patched in April, there are still multiple malware campaigns trying to exploit it,” FortiGuard Labs researcher Cara Lin wrote. Attackers, she added, were using it to inject a payload and achieve remote code execution on servers running the product.


The Mirai sample Lin saw getting installed was downloaded from http[:]//107[.]189[.]8[.]21/pedalcheta/cutie[.]x86_64 and relied on a command and control server at cnc[.]goodpackets[.]cc. Besides delivering junk traffic used in DDoSes, the sample also attempted to infect other devices by guessing the administrative password they used. After decoding strings in the code, Lin found the following list of credentials the malware used:


In what appears to be a separate campaign, attackers also exploited CVE-2022-22954 to download a payload from 67[.]205[.]145[.]142. The payload included seven files:

  • phpupdate.exe: Xmrig Monero mining software
  • config.json: Configuration file for mining pools
  • networkmanager.exe: Executable used to scan and spread the infection
  • phpguard.exe: Guardian executable that keeps the Xmrig miner running
  • init.ps1: Script that sustains persistence by creating a scheduled task
  • clean.bat: Script that removes other cryptominers on the compromised host
  • encrypt.exe: RAR1 ransomware

If RAR1ransom has never been installed before, the payload first runs the encrypt.exe executable file. The file drops the legitimate WinRAR data compression executable in a temporary Windows folder. The ransomware then uses WinRAR to compress user data into password-protected files.

The payload would then start the GuardMiner attack. GuardMiner is a cross-platform mining Trojan for the Monero currency. It has been active since 2020.
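Taken one at a time, the seven file names listed above are weak indicators (config.json exists on almost every server), so the following added example, which is not from the article or from Fortinet's report, flags only directories where several of them appear together. The min_hits threshold, the split into "generic" names and the sample directory tree are assumptions of this example.

```python
import os
import tempfile
from collections import defaultdict

# File names taken from the payload list in the article (lower-cased for matching).
PAYLOAD_NAMES = {
    "phpupdate.exe", "config.json", "networkmanager.exe", "phpguard.exe",
    "init.ps1", "clean.bat", "encrypt.exe",
}
# Names too common to mean anything alone; they count only alongside others.
# (Which names are treated as generic is an assumption of this example.)
GENERIC_NAMES = {"config.json", "init.ps1", "clean.bat"}


def scan_tree(root, min_hits=3):
    """Return {directory: sorted matched names} for directories that hold at
    least `min_hits` payload names, at least one of them non-generic."""
    hits = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered in PAYLOAD_NAMES:
                hits[dirpath].add(lowered)
    findings = {}
    for dirpath, names in hits.items():
        if len(names) >= min_hits and names - GENERIC_NAMES:
            findings[dirpath] = sorted(names)
    return findings


def build_sample_tree(root):
    """Constructed sample: one benign project dir, one dir mimicking the drop."""
    layout = {
        "projects/webapp": ["config.json", "init.ps1", "README.md"],
        "temp/drop": ["PHPUpdate.exe", "config.json", "phpguard.exe",
                      "clean.bat", "Encrypt.EXE"],
    }
    for rel, names in layout.items():
        directory = os.path.join(root, *rel.split("/"))
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "w").close()
    return os.path.join(root, "temp", "drop")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, names in scan_tree(tmp).items():
            print(f"{directory}: {len(names)}/7 payload names -> {names}")
```

A name match is only a lead for triage: confirm any flagged directory against file hashes from the vendor report before treating the host as compromised.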

The attacks underscore the importance of installing security updates in a timely manner. Anyone who has yet to install VMware’s April 6 patch should do so at once.


