Some Attention May be Required! - WST

Vulnerabilities affecting three widely-used platforms are demanding some attention in this week's WST.

VMware
Two weeks ago VMware disclosed a critical remote code execution (RCE) vulnerability in its VMware vCenter Server and Cloud Foundation solutions. A patch was released on May 25th, but researchers continue to see attackers attempting to find and exploit unpatched systems. This vulnerability, rated a 9.8 out of 10, is found in versions 6.5, 6.7 and 7.0. As noted in the alert, "A successful exploit could enable a remote attacker with access to port 443 to take control of the impacted system and execute commands with unrestricted privileges on the victim’s network." Please see this notification from the Cybersecurity & Infrastructure Security Agency (CISA) for more information (https://www.cisa.gov/news-events/alerts/2021/06/04/unpatched-vmware-vcenter-software).

FortiGate
Fortinet's FortiGate firewalls, affected by a trio of vulnerabilities from 2018, 2019, and 2020, are still being impacted due to lack of applying patches previously released by Fortinet. Both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) are warning that a new campaign is underway by "advanced persistent threat (APT) actors" to take advantage of these vulnerabilities in an effort to gain access "across multiple infrastructure sectors" to set up future attacks where data may be exfiltrated or encrypted. For more information see this joint release from the FBI and DHS (https://www.cisa.gov/news-events/alerts/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios-vulnerabilities).

Microsoft Exchange
Finally, a report from Sophos sheds light on a new ransomware variant taking advantage of the Microsoft Exchange vulnerabilities previously reported in March. This new variant, called Epsilon Red, is thought to have been used to launch a ransomware attack and extort payment from at least one US-based company in May by gaining network access via an unpatched Exchange server. For additional information please see the statement released by CISA and DHS (https://www.cisa.gov/news-events/alerts/2021/03/02/microsoft-releases-out-band-security-updates-exchange-server) and the report from Sophos (https://news.sophos.com/en-us/2021/05/28/epsilonred/).

Keeping all systems patched and on current firmware are key to preventing attacks such as these. Ensure that you are subscribed to all relevant vendor updates so you can stay informed of these patches as they are released. Also, following the "least-privilege access" concept can help to prevent malware from executing on your systems.

As always, thank you for reading, and happy patching!

Authored by: Mike Smith, AWS-CCP