A Vulnerability in VMware Products Could Allow for Authentication Bypass

Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in Authentication Bypass.

VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automation is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in authentication bypass, and a malicious actor may be able to obtain administrative access. Depending on the permissions associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.

A Guide to Identity Theft Statistics for 2022

There’s a digital counterpart for nearly everything we do, which means more of our personal information is online. And although this tends to make our lives easier, it opens the door for information to land in the wrong hands. Identity theft happens when someone uses your personally identifiable information (PII) for their own monetary or personal gain. Sensitive data like credit card numbers and Social Security numbers can be incredibly valuable if they get into the wrong hands.

The good news is that you can take steps to minimize the risk of identity theft. This article breaks down some of the most interesting fraud statistics and trends about identity theft in the United States and offers ways to protect your personal data from cybercriminals. 

Identity theft by the numbers

The number of identity theft cases reported to the Federal Trade Commission (FTC) has increased in the last five years. According to the FTC’s Consumer Sentinel Network (CSN) report, the number of reported cases more than doubled from 2019 to 2020.  

One possible reason for this upward trend is the coronavirus pandemic. Congress passed legislation that included more than $5 trillion in various government benefits. This money was helpful to out-of-luck Americans, but it was also extremely attractive to scammers who used the opportunity to create fake identities and steal unemployment checks. In fact, the most common type of identity theft this past year was government documents and benefits fraud.

What else do the numbers say about the rise in identity theft? Let’s take a closer look: 

An estimated 15 million Americans had their identity stolen in 2021, though the vast majority of cases went unreported (Source: Javelin Strategy & Research | 2022 Identity Fraud Study: The Virtual Battleground).
Last year, the FTC received more than 1.4 million reports of identity theft (Source: Federal Trade Commission | Consumer Sentinel Network Data Book 2021).
Identity thieves stole around $52 billion from Americans last year (Source: Javelin Strategy & Research | 2022 Identity Fraud Study: The Virtual Battleground).
More than 40 million U.S. consumers fell victim to identity theft in 2021 (Source: Javelin Strategy & Research | 2022 Identity Fraud Study: The Virtual Battleground).
The most likely victims of identity theft in 2021 were people from 30 to 39 years old (Source: Federal Trade Commission | Consumer Sentinel Network Data Book 2021).
Criminals have stolen more than $750 million from taxpayers through COVID-19 stimulus scams since January 2020 (Source: Federal Trade Commission | FTC COVID-19 and Stimulus Reports).

These statistics only scratch the surface, though. Keep reading to learn more about the latest identity theft data and what you can do to protect your personal information.  

How common is identity theft in the U.S.?

Identity theft is a huge issue in the United States, and it doesn’t seem to be going away anytime soon. Fraud reports show that the number of identity thefts in the U.S. continues to grow. The graph below shows the number of identity theft reports from the first quarter of 2017 to the first quarter of 2021.

The reported instances of identity theft have risen sharply from just over 100,000 in the first quarter of 2017 to well over 500,000 in the first quarter of 2021. 2020 had the sharpest increase in reports, as cybercriminals did their best to capitalize on the pandemic to take people’s government benefits.

Identity theft, by state

Not every state is affected by ID theft equally. Where you live can have a big impact on your likelihood of experiencing identity theft. The graph below shows the number of identity theft cases reported to the FTC per 100,000 residents for each state in the U.S.

With a closer look, the five states with the most identity theft reports include Georgia, Louisiana, Illinois, Kansas, and Rhode Island, which takes the top spot. The number of reports in Rhode Island more than doubled in 2021, from 1,191 in 2020 to 2,857.  

At the other end of the spectrum, South Dakota remained the state with the lowest occurrence of identity theft, with only 76 residents per 100,000 experiencing it.  

Here’s a list of the 20 metro cities where you have the highest chance of having your identity stolen. 

Who are the victims of identity theft?

Anyone can become the victim of identity theft, in large part because so much of our information is online. However, certain age groups are more likely to experience different types of scams.

For example, baby boomers are more likely than Generation Z to benefit from government programs. This makes them more susceptible to scams like benefits fraud (where a criminal poses as someone else to steal government benefits).  

On the other hand, younger generations like millennials have grown up with the internet, and activities like shopping online are more frequent. This makes them more susceptible to identity theft through credit card fraud.

Here’s a breakdown of the most common identity theft types from various generations:  

Types of identity theft

There are several different types of identity theft, ranging from stolen financial information to compromised health care data. Some forms are pretty straightforward. For instance, credit card fraud occurs when somebody steals your credit card number and uses it to buy things. Others, like medical identity theft, might be a bit harder to recognize.  

Here’s a list of five of the most common types of identity theft:

Financial identity theft: This form of identity theft is exactly what it sounds like and involves a criminal stealing your financial information. For instance, your credit card number can be stolen and used to make a purchase.  
Medical identity theft: With medical identity theft, someone steals your personal information to obtain health care services. An example is someone else using your identity to obtain prescription drugs. 
Criminal identity theft: This form of identity theft occurs when someone else uses your name when arrested. You’ll know this has happened to you if you receive a court summons, for instance, that you had no involvement with. 
Synthetic identity theft: A rising form of identity theft, synthetic identity theft is when someone creates a fake identity using someone’s real information. For instance, an imposter might create a fake identity using someone else’s real birthdate and Social Security number to apply for a loan. 
Child identity theft: With child identity theft, a criminal uses a minor’s personal information to commit bank fraud or another form of identity theft. 

Although these are five of the most common types of identity theft, they can serve as umbrella terms for more specific forms of fraud. The diagram below shows the number of reported fraud cases of these various types of identity theft in 2021.

While the internet has made our day-to-day lives more convenient, it’s also made it much easier for scammers to steal our personal information. Identity theft has become increasingly common in the United States over the past five years.

The more you use the internet, the more opportunities scammers have to steal your data and sell it on places like the dark web. Social media platforms, e-commerce businesses, banking companies, and a host of other online businesses can store your information for a variety of reasons.  

If you use the internet for online shopping, for instance, there’s a good chance a large number of databases store your personal and financial data. While businesses use your information to give you a better online experience, scammers can also access it to steal your identity.

The graph below shows the growth of different types of identity theft from 2017 to 2021.  

What should I do if I think I’m a victim of identity theft?

Criminals use many tricks to get your information. Scammers or hackers might send phishing emails pretending to be the IRS, snoop around social media pages for password clues, get info through a data breach, or simply buy information on the dark web.

Here are a few things you can do if you believe you are the victim of identity theft:

Be on the lookout: To avoid identity theft, you’ll want to be alert for signs that someone has stolen your identity. Check your bank statement and credit report regularly to make sure there are no charges you don’t recognize. Pay attention to red flags like bills that arrive at your home with your information but someone else’s name, mysterious calls from debt collectors, or emails from new accounts for online services you don’t remember starting.
Reach out to local law enforcement: Some banks may make you show them a police report before they reimburse you for any fraudulent charges or withdrawals. 
Contact the company where your ID is being used: Let the businesses where your information is being used know what’s happened. For instance, you’ll want to contact your bank and cancel your credit cards if you find out a criminal is using them. 
Get in touch with the three big credit bureaus: Call or message TransUnion, Equifax, and Experian right away. They may be able to diminish the impact an identity thief has on your credit score.  
File a report with the FTC: Reporting identity fraud to the FTC can help spread awareness of scams and identity theft tactics so others don’t fall victim to them.  
Visit the Identity Theft Resource Center: The ITRC has tools and information to help you protect yourself against identity theft and recover from it.  

We’re here to help protect your personal information

The internet makes our lives easier in many ways. Although identity theft is rising, you shouldn’t let online scams prevent you from enjoying these digital conveniences. Identity thieves are an unavoidable part of using the internet, but you can greatly limit your risk of falling victim to cybercrime if you know what to watch out for and you’re smart online.  

Recognizing the signs of identity theft can help you stay ahead of fraudsters, and investing in McAfee Identity Protection services can offer another layer of protection. When you sign up for our identity protection services, you get perks like $1 million in identity theft protection insurance and email address and bank account monitoring. With our help, you can continue to use the internet with confidence. 

The post A Guide to Identity Theft Statistics for 2022 appeared first on McAfee Blog.

Smashing Security podcast #275: Jail for Bing, and mental health apps may not be good for you

A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they’re up to?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.

Plus don’t miss our featured interview with Rumble’s Chris Kirsch.

CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)

Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency.

Background

On May 18, VMware published an advisory (VMSA-2022-0014) to address two vulnerabilities across several VMware products:

CVE             Description                               CVSSv3
CVE-2022-22972  Authentication Bypass Vulnerability       9.8
CVE-2022-22973  Local Privilege Escalation Vulnerability  7.8

Affected products include:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
vRealize Lifecycle Manager
VMware vRealize Automation (vRA)
VMware Cloud Foundation

This advisory follows a similar advisory from April (VMSA-2022-0011), where VMware patched multiple vulnerabilities across the same set of products.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) published Emergency Directive 22-03 for all Federal Civilian Executive Branch (FCEB) agencies to address two flaws from VMSA-2022-0011 (CVE-2022-22954 and CVE-2022-22960) as well as the two flaws patched today, based on the expectation that threat actors will “quickly develop a capability to exploit these newly released vulnerabilities.”

Additionally, CISA published an alert (AA22-138B) highlighting how threat actors are chaining these VMware vulnerabilities to gain “full system control.” The alert also includes indicators of compromise and detection methods for defenders and incident responders.

Analysis

CVE-2022-22972 is an authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation that affects local domain users. A remote attacker with access to the respective user interface could bypass authentication for these products. It is the more severe of the two flaws patched today, having been assigned a CVSSv3 score of 9.8. This vulnerability was credited to security researcher Bruno López of Innotec Security.

CVE-2022-22973 is a local privilege escalation vulnerability in VMware Workspace ONE Access and Identity Manager. To exploit it, an attacker would need local access to a vulnerable instance of Workspace ONE Access or Identity Manager. Successful exploitation would allow the attacker to gain “root” privileges.

Last month’s VMware bugs prompt concern over today’s advisory

Within two days of VMware publishing its advisory for VMSA-2022-0011, researchers at GreyNoise began to observe exploitation attempts targeting CVE-2022-22954, a server-side template injection vulnerability:

We’re seeing ~10 IPs exploiting the VMWare Workspace ONE RCE (CVE-2022-22954) at-scale across the internet in @GreyNoiseIO. FW Blocks + Tags available to all users and customers now. https://t.co/uvRpXl7QYf

Insanely quick work by @kimb3r__, #Konstantin, @_mattata, @nathanqthai pic.twitter.com/XEQOmWKg6C

— Andrew Morris (afk) (@Andrew___Morris) April 13, 2022

In addition to CVE-2022-22954, VMware confirmed in-the-wild exploitation of CVE-2022-22960, a local privilege escalation vulnerability.

Considering the swiftness with which attackers began to exploit these two flaws from VMSA-2022-0011, the expectation is that attackers will be able to quickly develop a proof-of-concept (PoC) exploit for CVE-2022-22972 and begin scanning for vulnerable instances across the internet. This appears to be CISA’s expectation, prompting the agency to publish the Emergency Directive for FCEBs to quickly remediate these flaws.

Proof of concept

At the time this blog post was published, there were no public PoC exploits for either of the flaws addressed in VMware’s VMSA-2022-0014 advisory.

Solution

VMware released patches for the vulnerabilities in the following affected products:

Product/Component                      Affected Versions
VMware Workspace ONE Access Appliance  21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0
VMware Identity Manager Appliance      3.3.6, 3.3.5, 3.3.4, 3.3.3
VMware vRealize Automation             7.6

VMware publishes second FAQ document for Workspace ONE flaws

For the second straight month, VMware has published a companion frequently asked questions (FAQ) document to provide additional clarification for the flaws addressed in VMSA-2022-0014. Once again, VMware underscores the importance of patching these flaws, stressing that the ramifications are “serious.”

Because VMware updates are cumulative, applying the fixes for VMSA-2022-0014 will also address the flaws in VMSA-2022-0011. VMware has provided a workaround for organizations that are not able to patch immediately; however, applying the workaround would prevent admins from logging into the Workspace ONE Access console. VMware strongly recommends patching, as it’s the “only way to remove the vulnerabilities from your environment.”

VMware notes that vSphere as well as the connectors for Workspace ONE Access and VMware Identity Manager are not affected.

Identifying affected systems

A list of Tenable plugins covering the CVEs outlined in this blog can be found here. This link uses a search filter to ensure that all matching plugin coverage will appear.

Get more information

VMware Advisory: VMSA-2022-0014
VMware VMSA-2022-0014 FAQ
Workaround instructions to address CVE-2022-22972

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 18

SEC Consult Vulnerability Lab Security Advisory < 20220518-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: SAP® Application Server ABAP and ABAP® Platform (Different Software Components)
vulnerable version: see section “Vulnerable / tested versions”
fixed version: see SAP security notes…

PHPIPAM 1.4.4 – CVE-2021-46426

Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18

=====[ Tempest Security Intelligence – ADV-03/2022 ]==========================

PHPIPAM – Version 1.4.4

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents ]==================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability Information…

LiquidFiles – 3.4.15 – Stored XSS – CVE-2021-30140

Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18

=====[ Tempest Security Intelligence – ADV-12/2021 ]==========================

LiquidFiles – 3.4.15

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents ]==================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability…

Deepfence Cloud builds on ThreatStryker security observability platform

Deepfence, a security observability and protection company, has launched Deepfence Cloud, a fully managed, cloud-native security SaaS observability system built on the company’s on-premises ThreatStryker software.

Deepfence Cloud, unveiled at the KubeCon + CloudNativeCon Europe 2022 event this week, is aimed at observing runtime indicators of attack (IOA) and indicators of compromise (IOC), and correlating events to provide real-time monitoring of attacks as well as mitigation and remediation capabilities. The software is generally available now.