CyberWatch

VMware Urges Users to Remove Deprecated Vulnerable Software

By

Access Point Consulting

Summary

VMware has released an advisory, VMSA-2024-0003, covering two vulnerabilities in the VMware Enhanced Authentication Plug-in (EAP): CVE-2024-22245 (CVSSv3 9.6), an arbitrary authentication relay, and CVE-2024-22250 (CVSSv3 7.8), a session hijack. Both exist in the deprecated EAP plug-in, and because the component is deprecated VMware is not patching it; instead it advises removing EAP from affected environments. VMware credits Ceri Coburn of Pen Test Partners with reporting both vulnerabilities.

Impact Assessment

According to VMware, the attack vector differs between the two vulnerabilities. CVE-2024-22245, the arbitrary authentication relay vulnerability, requires the attacker to trick a domain user who has EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). CVE-2024-22250, the session hijack vulnerability, requires an attacker with unprivileged local access to a Windows system; from there they can hijack a privileged EAP session that a privileged domain user initiates on the same system. Note that EAP is a client-side component: it lives on the administrator's Windows workstation and browser, not on the vCenter Server appliance, so the exposure is on the endpoints where vSphere administrators sign in.

What It Means for You

Check your organization's software inventory for any instances of the VMware EAP on Windows endpoints and remove them if present. Because the plug-in is deprecated it will receive no further updates, it is currently vulnerable, and the vendor's guidance is to delete it. Removing it only takes away the Windows session (SSPI) login option in the vSphere Client; ordinary username and password login to vCenter is unaffected.

Remediation

VMware has published a step-by-step guide for removing this software from client systems; removal is the remediation for both vulnerabilities. Refer to VMware KB 96442 for the procedure.
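
The inventory check and removal described in the two sections above, as an added PowerShell example that is not part of the CyberWatch article or of VMware's KB. It reads the Windows Uninstall registry keys (rather than the Win32_Product WMI class, which triggers an MSI consistency check of every installed product) and, with -Remove, drives msiexec for any MSI-registered match. The DisplayName prefixes it matches, "VMware Enhanced Authentication Plug-in" and its companion "VMware Plug-in Service", are assumptions about how the installer registers itself; confirm them on a known-affected workstation before running with -Remove.

```powershell
# Added example (not from the CyberWatch article or VMware KB 96442): inventory and
# remove the deprecated VMware Enhanced Authentication Plug-in (EAP) on a Windows host.
# Run elevated. Without -Remove it only reports; -WhatIf previews removals.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

# Registry locations where installers register themselves (64-bit and 32-bit views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# ASSUMPTION: DisplayName prefixes used by the EAP browser plug-in and its companion
# Windows service. Verify against a known install before trusting the -Remove path.
$targetPrefixes = @(
    'VMware Enhanced Authentication Plug-in',
    'VMware Plug-in Service'
)

function Get-VMwareEapInstall {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            foreach ($prefix in $targetPrefixes) {
                if ($props.DisplayName -and $props.DisplayName.StartsWith($prefix)) {
                    [PSCustomObject]@{
                        DisplayName     = $props.DisplayName
                        DisplayVersion  = $props.DisplayVersion
                        ProductCode     = $_.PSChildName      # MSI product GUID when MSI-installed
                        UninstallString = $props.UninstallString
                    }
                }
            }
        }
    }
}

$found = @(Get-VMwareEapInstall)
if ($found.Count -eq 0) {
    Write-Output "No VMware EAP components found on $env:COMPUTERNAME."
    return
}

$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($app in $found) {
        # Only drive msiexec for MSI-registered products (GUID-shaped key names);
        # anything else is flagged for manual removal via Apps & Features.
        if ($app.ProductCode -match '^\{[0-9A-Fa-f-]{36}\}$') {
            if ($PSCmdlet.ShouldProcess($app.DisplayName, 'msiexec /x')) {
                $proc = Start-Process -FilePath 'msiexec.exe' `
                    -ArgumentList "/x $($app.ProductCode) /qn /norestart" `
                    -Wait -PassThru
                # 0 = removed, 3010 = removed but a reboot is pending.
                Write-Output "$($app.DisplayName): msiexec exit code $($proc.ExitCode)"
            }
        } else {
            Write-Warning "$($app.DisplayName) is not MSI-registered; remove manually: $($app.UninstallString)"
        }
    }
}
```

Run it once in report-only mode across the administrator workstation fleet (for example via Invoke-Command or your endpoint management tool) to build the inventory, then again with -Remove. Treat msiexec exit codes 0 and 3010 as success; a 3010 means the host should be rebooted before the removal is considered complete.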

Business Implications

Deprecated or end-of-life (EoL) software is always at risk of exploitation because it will never receive security updates. If these vulnerabilities were exploited, the reputational damage would be compounded by the fact that the plug-in has been deprecated since 2021 and was still in place. Add to that the potential loss of data and the incident response costs of an attacker actually exploiting the vulnerabilities.

Access Point Technology Recommends

Follow vendor recommendations: Remove the deprecated software per vendor instructions.

Have a plan for EoL or deprecated software: Make sure your organization has a process for identifying and removing deprecated software, or for mitigating its risk where removal is not yet possible.

Associated Bulletins

https://www.vmware.com/security/advisories/VMSA-2024-0003.html
