VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow.
“Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it,” researchers with penetration testing firm Horizon3.ai said in their analysis of the flaws. “Often logs ingested may contain sensitive data from other services and may allow an attack to gather session tokens, API keys, and PII. Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment.”