Secured integration to the future

CyberNews Digest — June

28.06.2024

Cybersecurity Researchers Issue Alert on Malicious Python Package
Cybersecurity experts have flagged a new malicious Python package, pytoileur. According to Sonatype's analysis, the harmful code is embedded within the package's setup.py script. This allows it to execute a Base64-encoded payload, which facilitates retrieving a Windows binary file from an external server.
Sonatype also identified a newly created StackOverflow account under the name "EstAYA G". This account has been responding to user queries, misleading them into installing the fraudulent pytoileur package as a purported solution to their issues.

The Stack Overflow Trust & Safety team detected policy violations, removed the offending content from the platform, and took the necessary actions.
Source: The Hacker News
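
An added example (not from Sonatype's analysis or the article above): a static audit that parses a setup.py without executing it and reports the install-time pattern described in this item, Base64 decoding combined with command or code execution calls. The sample file, its harmless encoded string, and the names `audit_setup_py` and `RISKY_CALLS` are constructed for illustration.

```python
import ast, base64, binascii, re

# Constructed sample: a setup.py that hides a command string behind Base64.
# The encoded text is a harmless echo, not the real package's payload.
_BLOB = base64.b64encode(b"echo constructed-sample-not-a-real-payload").decode()
SAMPLE_SETUP = f'''
from setuptools import setup
import base64, os
os.system(base64.b64decode("{_BLOB}").decode())
setup(name="example-pkg", version="0.0.1")
'''

# Call names that rarely belong in a packaging script (assumed list, tune locally).
RISKY_CALLS = {"exec", "eval", "system", "popen", "run", "Popen", "check_output",
               "b64decode", "urlopen", "urlretrieve"}
B64_RE = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")

def _call_name(node):
    """Return the trailing name of a call: os.system(...) -> 'system'."""
    f = node.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")

def audit_setup_py(source):
    """Parse (never run) the source; return sorted (line, finding) tuples."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) in RISKY_CALLS:
            findings.add((node.lineno, "call:" + _call_name(node)))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value.strip()
            if B64_RE.match(text) and len(text) % 4 == 0:
                try:
                    decoded = base64.b64decode(text, validate=True)
                except (binascii.Error, ValueError):
                    continue
                # Show a short preview so a reviewer sees what the literal hides.
                findings.add((node.lineno,
                              "base64-literal:" + decoded[:40].decode("latin-1")))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in audit_setup_py(SAMPLE_SETUP):
        print(f"setup.py:{line}: {finding}")
```

Run it against the setup.py extracted from a downloaded sdist before installing; a hit is a prompt for manual review, not proof of malice.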

Critical Security Vulnerability Threatens WordPress Sites
WordPress users running the popular HTML5 Video Player plugin are urged to take immediate action following the discovery of a severe security vulnerability (CVE-2024-5522, CVSS 10.0). This flaw allows unauthenticated users to execute SQL queries against website databases.
Exploitation of this vulnerability could potentially enable attackers to:
● Steal sensitive information such as user credentials, financial data, or personal details.
● Alter website content, redirect visitors to malicious sites, or inject harmful code.
● Disrupt website functionality, install backdoors, or gain full control over the site.
Mitigation Recommendations:
● Update the plugin to the latest version.
● Temporarily disable or remove the plugin if updates are unavailable.
Source: Security Online

Vulnerability Discovered in Nexus Repository Manager
A Path Traversal vulnerability (CVE-2024-4956) has been identified in Nexus Repository Manager 3, affecting versions up to 3.68.0. This flaw enables attackers to craft a URL that grants unauthorised access to system files outside the Nexus Repository application. The risk is serious because it can lead to confidential data leakage and compromise of system security.
Users are advised to upgrade their systems to version 3.68.1 or later to mitigate this risk.

Urgent Microsoft Update Required for Critical MSMQ Vulnerability
Microsoft has issued an urgent call to Windows administrators to promptly install a patch for a critical vulnerability (CVE-2024-30080) in the Microsoft Message Queuing (MSMQ) component. Rated 9.8/10 on the CVSS scale, this vulnerability enables cybercriminals to remotely execute code on the MSMQ server by sending specially crafted malicious packets.
The vulnerability is exploitable only if the Windows Message Queuing service is enabled and TCP port 1801 is open. Microsoft recommends verifying these settings and installing the update immediately.
This patch is part of a comprehensive package that addresses 51 vulnerabilities across various Windows components.
Source: Security Week

VMware Identifies Critical Vulnerabilities in vCenter Server: Immediate Update Needed
VMware has discovered two critical vulnerabilities in the vCenter Server (CVE-2024-37079 and CVE-2024-37080), each scoring 9.8 on the CVSS v3 scale. These flaws are described as "dynamic memory overflow vulnerabilities in the DCE/RPC protocol implementation." An attacker with network access could exploit these by sending specially crafted network packets, potentially leading to remote code execution.
Patches for vCenter Server and Cloud Foundation are now available. However, VMware has not assessed the impact on older versions of vSphere (6.5 and 6.7), which have been unsupported since October 2022 but are still widely used.

Additionally, a third vulnerability (CVE-2024-37081) has been identified, involving local privilege escalation due to incorrect sudo configuration. Rated 7.8, this flaw allows an authenticated local user with limited privileges to elevate their privileges to root on the vCenter Server Appliance.
Source: The Register