Security News > 2021 > December > The 5 Most-Wanted Threatpost Stories of 2021

Sure, attackers could simply visit public profiles to target someone, but having so many records in one place could make it possible to automate targeted attacks using information about users' jobs and gender, among other details.

Randori researchers said that if an attacker successfully exploits the weakness, they can gain a shell on the targeted system, access sensitive configuration data, extract credentials and more.

Attackers can dance across a targeted organization, they said: "Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally."

Any applications corrupted by malicious code can attack the programs' users.

Cybercriminals have swarmed to this attack surface, and readers in 2021 loved to hear about their exploits.

VMware ESXi, formerly known as ESX, is a bare-metal hypervisor that installs easily onto servers and partitions them into multiple VMs. While that makes it easy for multiple VMs to share the same hard-drive storage, it sets systems up to be one-stop shopping spots for attacks, since attackers can encrypt the centralized virtual hard drives used to store data from across VMs. Dirk Schrader of New Net Technologies told Threatpost that on top of the attraction of ESXi servers as a target, "Going that extra mile to add Linux as the origin of many virtualization platforms to functionality" has the welcome side effect of enabling attacks on any Linux machine.

News URL

https://threatpost.com/5-top-threatpost-stories-2021/177278/