CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Bose Hacked
The Bose Corporation recently disclosed that they were the victim of a sophisticated cyberattack in March. Ransomware was deployed on some of their systems which disrupted their network. During a forensic investigation of the incident, Bose discovered that the attackers accessed some employee information within the HR’s systems. They have put measures in place to harden themselves against future attacks and are monitoring the dark web just in case the attackers attempt to maliciously use this information.
VMware vCenter Vulnerabilities
Critical security vulnerabilities in VMware vCenter Server were discovered and privately reported to the company. Tracked as CVE-2021-21985 and CVE-2021-21986, they could allow attackers to execute commands with unrestricted privileges on the server. VMware is urging customers to apply the vCenter Server updates which are available to fix these issues.
Pulse Connect Secure Vulnerabilities
Pulse Secure disclosed that a vulnerability was discovered in their Pulse Connect Secure gateway. Tracked as CVE-2021-22908, this buffer overflow vulnerability allows a remotely authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. The fix is available in the current version 9.1R.11.5 update.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)