Rewterz penetration testing services help organizations determine whether a cyber attacker can gain access to their critical assets, while giving them detailed insight into the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: High
Security researchers identified exploitation attempts for a week-old VMware Workspace ONE Access vulnerability. A malicious actor exploiting this vulnerability potentially gains an unlimited attack surface. Security breaches, ransom, brand harm, and lawsuits are all possible outcomes for affected organizations. The attack’s tactics, techniques, and procedures are similar to those utilized by groups like the Iranian-linked Rocket Kitten.
This new vulnerability is a server-side template injection that affects an Apache Tomcat component and results in a malicious command being executed on the hosting server. A hostile actor with network access can exploit this vulnerability to achieve full remote code execution against VMware’s identity access management.
According to research, attackers are already exploiting this vulnerability to launch reverse HTTPS backdoors, mainly Cobalt Strike, Metasploit, or Core Impact beacons. With privileged access, these sorts of attacks may be able to circumvent standard defenses such as antivirus (AV) and endpoint detection and response (EDR).
Security researchers have analyzed this new attack in detail below.
Another VMware component, the VMware Identity Manager service, is now being exploited by threat actors. Several vulnerabilities have recently been reported, including CVE-2022-22957, CVE-2022-22958, and CVE-2022-22954.
Refer to the VMware Security Advisory for patch, upgrade, or suggested workaround information.