Zero-Day exploits and critical vulnerabilities
With a huge part of the global workforce currently working from remote locations outside their offices, it does not come as a surprise that exploitation of patched Pulse Secure VPN devices has continued. A recently discovered secret backdoor on thousands of Microsoft SQL Servers has been used by the crypto-mining botnet “Vollgar”, which has targeted MSSQL databases with brute-force attacks since 2018.
A critical remote code execution vulnerability was detected in undisclosed pages of the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller. F5 released patches for the flaw as well as some mitigations intended to prevent its exploitation. However, researchers found a way to bypass one of the mitigations, which the vendor confirmed.
Large-scale DDoS attacks are possible through “NXNSAttack”. Affecting the DNS protocol, this vulnerability forces DNS resolvers to generate many more DNS queries to authoritative servers of the attacker’s choice, potentially causing botnet-scale disruption to online services. Other prominent observations include a critical flaw in VMware Cloud Director that could be used to hijack enterprise servers, attackers gaining administrator privileges through a flaw in the Windows Group Policy feature, and “Ripple20”, a zero-day vulnerability affecting hundreds of millions of IoT devices that enables successful attackers to hide malicious code within embedded devices for years and simply bypass an organization’s network boundaries.
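The NXNSAttack paragraph describes the effect a defender can actually observe on a recursive resolver: one client query fanning out into an abnormal number of upstream queries, most of them aimed at the same authoritative server. The following script is an added example (not code from the report) that runs that check over resolver log lines. The log format, the `rid=` correlation field and the sample lines are all constructed for the example; a real resolver's query log would need its own parser.

```python
import re
from collections import Counter, defaultdict

# Assumed (constructed) resolver log format: one line per query the resolver received from a
# client ("dir=client") or sent upstream while resolving it ("dir=upstream"), correlated by
# a resolution id (rid). This is not the format of any particular resolver.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) rid=(?P<rid>\d+) dir=(?P<dir>client|upstream) "
    r"qname=(?P<qname>\S+) qtype=(?P<qtype>\S+) (?:src|dst)=(?P<addr>\S+)$"
)

# Constructed sample log. rid=1 is a normal lookup (two upstream queries). rid=2 is the
# NXNSAttack pattern: a referral listed many nameserver names without glue records, so the
# resolver issues one upstream lookup per name, all landing on the same server (203.0.113.5).
_normal = [
    "2020-06-01T10:00:00Z rid=1 dir=client qname=www.example.com qtype=A src=10.0.0.5",
    "2020-06-01T10:00:00Z rid=1 dir=upstream qname=www.example.com qtype=A dst=192.0.2.10",
    "2020-06-01T10:00:00Z rid=1 dir=upstream qname=www.example.com qtype=A dst=192.0.2.53",
    "2020-06-01T10:00:01Z rid=2 dir=client qname=target.test qtype=A src=10.0.0.7",
    "2020-06-01T10:00:01Z rid=2 dir=upstream qname=target.test qtype=A dst=198.51.100.1",
]
_fanout = [
    f"2020-06-01T10:00:01Z rid=2 dir=upstream qname=ns{i}.target.test qtype=A dst=203.0.113.5"
    for i in range(1, 13)
]
SAMPLE_LOG = "\n".join(_normal + _fanout) + "\n"


def parse_log(text):
    """Parse log text into a list of dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def fanout_per_request(records):
    """Return {rid: (client qname, upstream query count, hits on the most-queried upstream)}.

    A high upstream count on its own can be a legitimately deep delegation chain; a high
    count concentrated on one destination is the amplification signature worth alerting on.
    """
    client_qname = {}
    upstream_targets = defaultdict(list)
    for r in records:
        if r["dir"] == "client":
            client_qname[r["rid"]] = r["qname"]
        else:
            upstream_targets[r["rid"]].append(r["addr"])
    stats = {}
    for rid, qname in client_qname.items():
        targets = upstream_targets.get(rid, [])
        top_hits = Counter(targets).most_common(1)[0][1] if targets else 0
        stats[rid] = (qname, len(targets), top_hits)
    return stats


def flag_amplification(records, max_upstream=5, max_same_target=5):
    """Return [(rid, qname, upstream_count, top_target_hits)] for resolutions whose fan-out
    exceeds both thresholds. Thresholds are example values, not a recommendation."""
    flagged = []
    for rid, (qname, n_upstream, top_hits) in fanout_per_request(records).items():
        if n_upstream > max_upstream and top_hits > max_same_target:
            flagged.append((rid, qname, n_upstream, top_hits))
    return sorted(flagged)


if __name__ == "__main__":
    for rid, qname, n, top in flag_amplification(parse_log(SAMPLE_LOG)):
        print(f"rid={rid} {qname}: {n} upstream queries, {top} to a single server")
```

The two thresholds are deliberately separate: capping upstream queries per client query is the resolver-side mitigation, while the concentration on one destination is what distinguishes an amplification target from an ordinary long delegation chain when reviewing logs after the fact.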