Security News > 2021 > February > Attackers scan for vulnerable VMware servers after PoC exploit release
After security researchers developed and published proof-of-concept exploit code targeting a critical vCenter remote code execution vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
Successful exploitation of this security bug allows attackers to take over an organization's entire network, given that VMware vCenter servers are used by IT admins to manage VMware solutions deployed across their enterprise environments via a single console.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explained.
The importance of patching vulnerable vCenter servers, and of not exposing them to the Internet, is underscored by the fact that VMware vulnerabilities have been exploited in the past in ransomware attacks targeting enterprise networks.
Multiple ransomware gangs, including RansomExx, Babuk Locker, and Darkside, have used VMware ESXi pre-auth RCE exploits to encrypt ESXi instances' virtual hard disks used as centralized enterprise storage space, as ZDNet reported last year.