Featured Story
Critical RCE Bug in VMware vCenter Server Now Exploited in Attacks
Broadcom warned that attackers are actively exploiting two VMware vCenter Server vulnerabilities, including a critical remote code execution flaw (CVE-2024-38812) discovered at China’s 2024 Matrix Cup hacking contest. The flaw is due to a heap overflow in the DCE/RPC protocol implementation.
The second vulnerability, CVE-2024-38813, allows privilege escalation to root. These issues impact VMware vSphere and Cloud Foundation platforms.
These flaws present significant risks, with exploitation already observed. Admins who previously applied patches must re-check their systems, as early fixes were incomplete. Patch now, audit for compromise, and restrict network access to vCenter environments to prevent lateral movement and ransomware deployments.
Other Stories
Apple Confirms Zero-Day Attacks Hitting macOS Systems
Apple has issued urgent updates for macOS and iOS, fixing two zero-day vulnerabilities (CVE-2024-44308 and CVE-2024-44309) exploited in the wild. These affect Intel-based macOS devices and were discovered by Google TAG.
Apple has not shared indicators of compromise, limiting threat hunting. Update to iOS 18.1.1, macOS Sequoia 15.1.1 or 17.7.2 for older versions. Organizations should monitor endpoints closely for abnormal behavior and reinforce endpoint integrity checks.
Palo Alto Networks Patches Two Firewall Zero-Days Used in Attacks
Palo Alto NGFWs were hit by two vulnerabilities: CVE-2024-0012 (authentication bypass) and CVE-2024-9474 (privilege escalation). The bypass affects the PAN-OS web interface, while the escalation lets a local admin gain root privileges.
Over 8,700 firewalls have exposed management interfaces. Restrict access now, patch urgently, and review logs using Palo Alto’s shared IoCs. Organizations must treat firewall management as a protected asset—not just a convenience.
Beware of Fraudulent Websites Selling Firewood and Pellets
As energy prices rise, scammers are targeting consumers via fake firewood and pellet websites. Victims report lost payments and no deliveries, with scammers often spoofing real company details to gain trust.
Always verify a site’s legitimacy—suspiciously low prices are a red flag. If you’re a victim:
- Contact your bank to block the transaction
- File a report with police
- Email the scam URL to suspicious@safeonweb.be
Our SOC team is available to help verify suspicious sites or messages.
Contact the Approach Cyber SOC team for tailored support and training programs.