VMware has released patches for a critical security vulnerability affecting its Carbon Black App Control product. The vulnerability, tracked as CVE-2023-20858, carries a CVSS score of 9.1 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. VMware describes the flaw as an injection vulnerability, and warns that a malicious actor with privileged access to the App Control administration console could use specially crafted input to access the underlying server operating system. There are no workarounds for the vulnerability, and customers are advised to update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.
Iranian Cyberspies Target Thousands of Organizations with Password Spray Attacks Article Link: https://www.csoonline.com/article/652668/iranian-cyberspies-target-thousands-of-organizations-with-password-spray-attacks.html Requests via Facebook Messenger Lead to Hijacked Business Accounts Article Link: https://www.helpnetsecurity.com/2023/09/12/hijacked-facebook-business-accounts/