News

Critical VMware vCenter Server Patch VMSA-2024-0019


Dear all,

VMware has released a critical security advisory (VMSA-2024-0019) that addresses two serious vulnerabilities found in its vCenter Server and VMware Cloud Foundation products.
These vulnerabilities, identified as CVE-2024-38812 and CVE-2024-38813, could enable attackers to execute remote code and gain elevated privileges, posing a significant security risk.

VMware has released updates to fix the vulnerabilities, and users are encouraged to apply them as soon as possible to protect their systems.

If you have any concerns or need assistance, please write an email to cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.

CrowdStrike issue related to Falcon Sensor


What happened:

CrowdStrike has identified an issue that has caused some Windows hosts to experience crashes. These crashes are related to the Falcon Sensor, a crucial component of our endpoint protection solution. The issue surfaced following a recent content deployment, which inadvertently caused the Falcon Sensor to malfunction.

What to expect:

Affected hosts may encounter a bugcheck, commonly known as a blue screen error. This error disrupts normal operations, leading to system crashes and instability. We understand the inconvenience this causes and are working diligently to resolve it.

What next:

CrowdStrike's engineering team has responded swiftly by identifying the problematic content deployment and reverting the changes. This should prevent further occurrences of the issue. However, if your hosts are still experiencing crashes and are unable to stay online long enough to receive the corrective updates, please follow the steps below to address the problem manually:

Workaround Steps:

  1. Boot the affected Windows host into Safe Mode or the Windows Recovery Environment.
  2. Once in Safe Mode, navigate to the following directory: C:\Windows\System32\drivers\CrowdStrike.
  3. Locate the file matching the pattern “C-00000291*.sys” and delete it.
  4. Reboot the host normally.


If you have any concerns or need assistance, please write an email to cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.

Critical Vulnerability in OpenSSH (CVE-2024-6387)


I would like to bring to your attention that on July 1, 2024, a new critical unauthenticated remote code execution (RCE) vulnerability in OpenSSH, dubbed regreSSHion, was reported, affecting glibc-based Linux systems. This vulnerability, identified as CVE-2024-6387, allows remote attackers to execute arbitrary code as root due to a signal handler race condition in sshd.

Technical Details: [2]

The vulnerability allows attackers to execute arbitrary code with the highest privileges, leading to full system takeover. This can result in malware installation, data manipulation, and backdoor creation for persistent access. It enables network propagation, allowing attackers to exploit other vulnerable systems within the organization.

Affected Products: [1]

  • OpenSSH servers on Linux from version 8.5p1 up to, but not including, 9.8p1
  • Versions 4.4p1 up to, but not including, 8.5p1 are not vulnerable to CVE-2024-6387 thanks to a patch for CVE-2006-5051, which secured a previously unsafe function
  • Versions older than 4.4p1 are vulnerable to regreSSHion unless they are patched for CVE-2006-5051 and CVE-2008-4109
  • OpenBSD systems are not impacted by this flaw thanks to a secure mechanism introduced back in 2001
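To turn the version ranges above into a repeatable triage step, the following added example (not part of the original bulletin) classifies sshd banners collected from an inventory scan; the sample banners are constructed, and the "no pN suffix means native OpenBSD build" rule is a heuristic based on OpenSSH portable release naming.

```python
"""Triage helper for CVE-2024-6387 (regreSSHion): classify an sshd banner
against the version ranges listed above. Added example, not part of the
original bulletin; the sample banners are constructed."""
import re
from typing import Optional, Tuple

# Boundaries from the "Affected Products" list as (major, minor, p-level).
PATCHED_OLD = (4, 4, 1)   # CVE-2006-5051 fix landed here ...
REGRESSED = (8, 5, 1)     # ... and was reintroduced here
FIXED = (9, 8, 1)         # fixed release

_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_version(banner: str) -> Tuple[int, int, Optional[int]]:
    """(major, minor, portable p-level) from e.g. 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13'.
    Portable (Linux) builds carry a 'pN' suffix; OpenBSD's native sshd does not."""
    m = _RE.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch else None)

def classify(banner: str) -> str:
    """Map a banner to one of the advisory's categories."""
    major, minor, patch = parse_version(banner)
    if patch is None:
        return "not vulnerable"  # native OpenBSD build, not affected
    v = (major, minor, patch)
    if v < PATCHED_OLD:
        return "vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109"
    if v < REGRESSED:
        return "not vulnerable"
    if v < FIXED:
        # Upstream range only: distributions backport the fix without changing
        # the banner version, so confirm against the distro bulletin [3]-[5].
        return "vulnerable (upstream range; verify distro backport)"
    return "not vulnerable"

# Constructed sample banners, as an asset inventory scan might collect them.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-OpenSSH_9.7",
]

def triage(banners=SAMPLE_BANNERS) -> dict:
    """Return {banner: classification} for a batch of collected banners."""
    return {b: classify(b) for b in banners}
```

Calling triage() returns a verdict per banner; anything in the "upstream range" bucket still needs the installed package version checked against the distribution bulletin, since backported fixes do not change the banner.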


Recommendations:

Review and apply the patches from Linux distribution security bulletins, including but not limited to:

  • Ubuntu [3]
  • Debian [4]
  • RedHat [5]


If you have any concerns or need assistance, please write an email to cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.


CSA Threat Alert: QLIN & Blackbasta IOCs Required Monitoring and Blocking


Dear all,

In order to enhance our security measures and protect our organization's critical assets, I would like to ask you to monitor and block on the firewall the IP addresses and/or domains reported in the attached documents and listed below:

  • 103.224.212.217
  • 23.227.38.68
  • 79.98.24.19
  • manviro.com


It is important that ingress and egress traffic is restricted and that internet traffic towards malicious IPs/domains is automatically filtered by your firewalls.

If you have any concerns or need assistance, please write an email to cybersecurity@itsec.hr or, in case of a cybersecurity incident, open a security-related PMI/MI in the ITSec Portal.