Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device.
Due to the pandemic and the rising trend of working from home, organizations have begun to rely heavily on cloud-based services. This necessity has also increased the number of cloud providers using Eltima's SDK, which allows employees to mount local USB mass storage devices for use on their cloud-based virtual desktops.
Because cloud desktop providers, including Amazon Workspaces, rely on tools like Eltima's SDK, SentinelOne warned that millions of users worldwide are exposed to the discovered vulnerabilities.
The implications of exploiting the flaws are significant as they could allow remote threat actors to gain elevated access on a cloud desktop to run code in kernel mode.
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” explained a new report by Sentinel Labs.
This elevated access could allow malware to steal credentials that threat actors can use to breach an organization’s internal network.
SentinelOne discovered 27 vulnerabilities in total, with the CVE IDs listed below:
These vulnerabilities have been responsibly disclosed to Eltima, which has already released fixes for the affected versions. However, it is now up to the cloud services to upgrade their software to use the updated Eltima SDK.
According to SentinelOne, the affected software and cloud platforms are:
It is important to note that Sentinel Labs hasn’t looked into all possible products that could incorporate the vulnerable Eltima SDK, so there could be more products affected by the set of flaws.
Also, some services are vulnerable on the client-side, others on the server-side, and a few on both, depending on code-sharing policies.
Sentinel Labs clarifies that it has seen no evidence that threat actors have exploited these vulnerabilities. Still, now that a technical report has been released, we will likely see exploitation in the future.
Out of an abundance of caution, admins should revoke privileged credentials before applying the security updates, and logs should be scrutinized for signs of suspicious activity. 
Most vendors have patched the flaws and pushed the fixes out through automatic updates. However, some require end-user action to apply the security updates, such as upgrading the client app to the latest available version.
Below is a list of fixes released by different vendors: