02/28/2024-03/06/2024 Security Patches for ESXi, Workstation, and Fusion Flaws, Critical JetBrains TeamCity On-Premises Flaws, 100 Malicious AI/ML Models And More.

1. VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

VMware issued patches for four security flaws in ESXi, Workstation, and Fusion, including two critical ones allowing code execution (CVE-2024-22252 and CVE-2024-22253). These are described as use-after-free bugs in the XHCI USB controller, scoring 9.3 for Workstation/Fusion and 8.4 for ESXi. Exploitation could lead to code execution within VMX sandboxes or on the host machine. Researchers from Ant Group Light-Year Security Lab and QiAnXin discovered CVE-2024-22252, while VictorV and Wei reported CVE-2024-22253. Also fixed are CVE-2024-22254 (ESXi sandbox escape) and CVE-2024-22255 (VMX process memory leak). Patched versions include ESXi 6.5 to 8.0, Workstation 17.x, and Fusion 13.x. A workaround advises removing USB controllers from virtual machines. Virtual USB devices won’t function, but default keyboard/mouse inputs are unaffected.

2. Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

Two new vulnerabilities, CVE-2024-27198 (CVSS: 9.8) and CVE-2024-27199 (CVSS: 7.3), have been disclosed in JetBrains TeamCity On-Premises software, impacting versions up to 2023.11.3. Fixed in version 2023.11.4, these flaws allow unauthenticated attackers to gain administrative control over affected servers. They enable bypassing authentication checks and manipulating server settings, including HTTPS certificate replacement. Rapid7 discovered and reported these issues on February 20, 2024. The company warned that compromising a server grants control over projects, builds, agents, and artifacts, making it a potential supply chain attack vector. Prior fixes addressed another critical flaw (CVE-2024-23917). With past exploits by threat actors, users should promptly update their servers to mitigate risks.

3. Over 100 Malicious AI/ML Models Found on Hugging Face Platform

Over 100 malicious AI/ML models were found on the Hugging Face platform, posing risks like code execution upon loading pickle files. This could lead to a backdoor granting attackers full control over compromised machines, potentially causing large-scale breaches or corporate espionage. One model initiates a reverse shell connection to a specific IP address. The incident raises concerns about open-source repositories being tainted for malicious purposes. Additionally, researchers have developed methods like BEAST to prompt harmful responses from large-language models (LLMs), and a generative AI worm named Morris II, capable of data theft and malware spread. This underscores the vulnerability of systems reliant on LLMs, with attacks like ComPromptMized exploiting their output for malicious ends, akin to traditional injection attacks. Such threats highlight the ongoing battle to secure LLMs against manipulation and exploitation.

4. Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

The Five Eyes (FVEY) intelligence alliance issued a cybersecurity advisory warning of cyber threat actors exploiting known flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. They noted that Ivanti’s Integrity Checker Tool (ICT) can be misled, offering a false sense of security. Ivanti has disclosed five vulnerabilities since January 10, 2024, four of which are actively exploited. 

• CVE-2023-46805 (CVSS score: 8.2) – Authentication bypass vulnerability in web component;
• CVE-2024-21887 (CVSS score: 9.1) – Command injection vulnerability in web component;
• CVE-2024-21888 (CVSS score: 8.8) – Privilege escalation vulnerability in web component;
• CVE-2024-21893 (CVSS score: 8.2) – SSRF vulnerability in the SAML component;
• CVE-2024-22024 (CVSS score: 8.3) – XXE vulnerability in the SAML component.

Mandiant described how malware like BUSHWALK can evade detection by ICT. Directory exclusions allow attackers to bypass scans and install backdoors. Agencies urge caution and consider the risk of continued device operation. Akamai data shows thousands of daily exploitation attempts worldwide. Ivanti claims no instances of successful persistence post-security updates and factory resets. They’re releasing an updated ICT for enhanced visibility.

5. GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

GitHub announced default secret scanning push protection for all pushes to public repositories. If a secret is detected, users can remove it from commits or bypass the block. Push protection was piloted as an opt-in feature in August 2023 and became generally available in May 2023. The feature identifies over 200 token types and patterns from 180+ service providers to prevent misuse. The development comes nearly five months after the Microsoft subsidiary expanded secret scanning to include validity checks for popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack.

It responds to an ongoing “repo confusion” attack targeting GitHub, flooding it with repositories containing obfuscated malware to steal passwords and cryptocurrency. The attacks are part of a malware distribution campaign discovered last year, using fake Python packages to deploy BlackCap Grabber.

6. Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

North Korean hacking group Lazarus infiltrated the Python Package Index (PyPI), uploading four malware-infected packages: pycryptoenv, pycryptoconf, quasarlib, and swapmempool. Though taken down, they were downloaded collectively 3,269 times, with pycryptoconf accounting for 1,351 downloads. These packages mimic pycrypto, exploiting typos during installation. This revelation follows Phylum’s discovery of rogue npm packages in a campaign dubbed Contagious Interview, sharing a similar tactic of concealing malware within a test script. The malicious code, disguised as a test file (“test.py”), actually contains an XOR-encoded DLL file leading to the execution of Comebacker malware, establishing connections with a command-and-control server. This attack mirrors a campaign detailed by Phylum in November 2023, targeting developers with crypto-themed npm modules. Users are urged to be cautious during software installation to avoid unwittingly downloading malware.