Critical vulnerabilities in VMware and Microsoft products have been disclosed, with both companies issuing patches. VMware's vCenter Server application had two flaws, each with a CVSS score of 9.8. Microsoft Outlook and Microsoft corporate email accounts are also affected by unpatched bugs that allow impersonation and email spoofing. Shadowserver reports on vulnerable instances and exploitation attempts related to CVE-2024-30080 and CVE-2024-29973, and urges users to apply patches and monitor for compromise.
Urgent warning to all 400 million Outlook users after new email bug is discovered - here's how to protect yourself https://t.co/neNEu44Ejg https://t.co/waxXPwrvnW
We have started observing Zyxel NAS CVE-2024-29973 RCE exploitation attempts by a Mirai-like botnet in our sensors. Zyxel has released patches for this and other vulnerabilities (though affected products are EOL) https://t.co/IiPxfSxcEj Review for signs of compromise and patch!
By me @Forbes: This email impersonation vulnerability passes DMARC and allows Outlook users to spoof Microsoft employee emails, including the security team. #kudos @slonser_ for discovery. #infosec #microsoft #outlook #email https://t.co/vQN3kFvfbc
MS CVE-2024-30080 update: You can track increased interest in MSMQ services as seen by our honeypot sensors https://t.co/bPGaMbw3jN While we have not seen actual exploitation, more details about the CVSS 9.8 RCE vulnerability have been made public, making exploitation more likely. https://t.co/ycNIwGylpo https://t.co/txLyRZJyEK
CVE-2024-30080 update: You can track increased interest in MSMQ services as seen by our honeypot sensors https://t.co/bPGaMbw3jN While we have not seen actual exploitation, more details about the CVSS 9.8 RCE vulnerability have been made public, making exploitation more likely. https://t.co/SOcCONaQZQ https://t.co/txLyRZJyEK
We are scanning/sharing VMware vCenter CVE-2024-37079 & CVE-2024-37078 vulnerable instances. 1220 unpatched instances found on 2024-06-20. Note these are only remotely exploitable if DCERPC is also exposed (486 cases). https://t.co/iEXS9qHzBC Patch: https://t.co/AWhm9XGLEy https://t.co/5j0sOeq20p
News of Microsoft's new cyber slip-up, another sophisticated phishing scam, means it's a good time to remind your employees to be extra-cautious when it comes to opening emails they weren't expecting, potentially letting hackers in. https://t.co/pfxp1JiBkj
RCE in Microsoft Outlook (CVE-2024-21378): https://t.co/FTv44MaWQx https://t.co/xfiHCfCkaM
An unpatched bug allows anyone to impersonate Microsoft corporate email accounts https://t.co/q6t6WeJFfc
An unpatched bug allows anyone to impersonate Microsoft corporate email accounts: https://t.co/l1mPY3TbRA by Security Affairs #infosec #cybersecurity #technology #news
Is There An Outlook Bug Allowing You To Spoof Any Email Domain? https://t.co/8PG13i3UUv
Security Bug Allows Anyone To Spoof Microsoft Employee Emails https://t.co/1OEc404uEb
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft https://t.co/6ef7YwSg1p
CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks https://t.co/TCJRXudV8j
.@VMware patched two critical vulnerabilities in its vCenter Server application, both of which have a CVSS score of 9.8. #cybersecurity #infosec #ITsecurity https://t.co/4NxRnWEvKm
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft: https://t.co/2ZasEzuyvZ by darkreading #infosec #cybersecurity #technology #news