• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
vmware finds no evidence of 0 day in ongoing esxiargs ransomware

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

You are here: Home / General Cyber Security News / VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
February 7, 2023

VMware on Monday claimed it located no evidence that threat actors are leveraging an not known security flaw, i.e., a zero-working day, in its application as part of an ongoing ransomware attack spree throughout the world.

“Most studies condition that Stop of General Assistance (EoGS) and/or substantially out-of-date products are becoming specific with recognised vulnerabilities which were being earlier tackled and disclosed in VMware Security Advisories (VMSAs),” the virtualization companies service provider stated.

The enterprise is even more recommending buyers to upgrade to the most up-to-date out there supported releases of vSphere factors to mitigate known issues and disable the OpenSLP company in ESXi.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“In 2021, ESXi 7. U2c and ESXi 8. GA started shipping and delivery with the assistance disabled by default,” VMware additional.

The announcement will come as unpatched and unsecured VMware ESXi servers all around the world have been targeted in a massive-scale ransomware campaign dubbed ESXiArgs by most likely exploiting a two-yr-previous bug VMware patched in February 2021.

The vulnerability, tracked as CVE-2021-21974 (CVSS rating: 8.8), is an OpenSLP heap-based mostly buffer overflow vulnerability that an unauthenticated menace actor can exploit to acquire remote code execution.

The intrusions surface to solitary out vulnerable ESXi servers that are exposed to the internet on OpenSLP port 427, with the victims instructed to shell out 2.01 Bitcoin (about $45,990 as of writing) to get the encryption critical necessary to recover documents. No info exfiltration has been noticed to day.

Knowledge from GreyNoise reveals that 19 one of a kind IP addresses have been making an attempt to exploit the ESXi vulnerability because February 4, 2023. 18 of the 19 IP addresses are labeled as benign, with 1 sole malicious exploitation recorded from the Netherlands.

“ESXi buyers must assure their details is backed up and ought to update their ESXi installations to a fixed version on an unexpected emergency basis, without having waiting for a frequent patch cycle to take place,” Immediate7 researcher Caitlin Condon explained. “ESXi scenarios must not be exposed to the internet if at all attainable.”

Uncovered this short article fascinating? Follow us on Twitter  and LinkedIn to read through additional special written content we put up.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Novel Banking Trojan ‘PixPirate’ Targets Brazil
Next Post: Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm linux variant of clop ransomware spotted, but uses faulty encryption»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.