• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
vmware finds no evidence of 0 day in ongoing esxiargs ransomware

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

You are here: Home / General Cyber Security News / VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
February 7, 2023

VMware on Monday claimed it located no evidence that threat actors are leveraging an not known security flaw, i.e., a zero-working day, in its application as part of an ongoing ransomware attack spree throughout the world.

“Most studies condition that Stop of General Assistance (EoGS) and/or substantially out-of-date products are becoming specific with recognised vulnerabilities which were being earlier tackled and disclosed in VMware Security Advisories (VMSAs),” the virtualization companies service provider stated.

The enterprise is even more recommending buyers to upgrade to the most up-to-date out there supported releases of vSphere factors to mitigate known issues and disable the OpenSLP company in ESXi.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“In 2021, ESXi 7. U2c and ESXi 8. GA started shipping and delivery with the assistance disabled by default,” VMware additional.

The announcement will come as unpatched and unsecured VMware ESXi servers all around the world have been targeted in a massive-scale ransomware campaign dubbed ESXiArgs by most likely exploiting a two-yr-previous bug VMware patched in February 2021.

The vulnerability, tracked as CVE-2021-21974 (CVSS rating: 8.8), is an OpenSLP heap-based mostly buffer overflow vulnerability that an unauthenticated menace actor can exploit to acquire remote code execution.

The intrusions surface to solitary out vulnerable ESXi servers that are exposed to the internet on OpenSLP port 427, with the victims instructed to shell out 2.01 Bitcoin (about $45,990 as of writing) to get the encryption critical necessary to recover documents. No info exfiltration has been noticed to day.

Knowledge from GreyNoise reveals that 19 one of a kind IP addresses have been making an attempt to exploit the ESXi vulnerability because February 4, 2023. 18 of the 19 IP addresses are labeled as benign, with 1 sole malicious exploitation recorded from the Netherlands.

“ESXi buyers must assure their details is backed up and ought to update their ESXi installations to a fixed version on an unexpected emergency basis, without having waiting for a frequent patch cycle to take place,” Immediate7 researcher Caitlin Condon explained. “ESXi scenarios must not be exposed to the internet if at all attainable.”

Uncovered this short article fascinating? Follow us on Twitter  and LinkedIn to read through additional special written content we put up.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Novel Banking Trojan ‘PixPirate’ Targets Brazil
Next Post: Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm linux variant of clop ransomware spotted, but uses faulty encryption»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.