Security News > 2023 > February > Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached

Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached
2023-02-12 09:30

Thousands of unpatched VMware ESXi servers hit by ransomware via old bugLate last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication.

Reddit breached: Internal docs, dashboards, systems accessedPopular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.

Amazon S3 to apply security best practices for all new bucketsStarting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets.

Top 3 resolutions for security teamsIn this Help Net Security video, Kevin Garrett, Senior Solutions Engineer at Censys, recommends three critical elements all security teams need to add to their resolutions this year.

How CISOs can improve security practices to keep up with evolving technologiesIn this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, including tips on how consumers and organizations can bolster their security practices to keep up with evolving technologies.

New infosec products of the week: February 10, 2023Here's a look at the most interesting products from the past week, featuring releases from Cequence Security, Deepwatch, Neustar Security Services, OPSWAT, and SecuriThings.


News URL

https://www.helpnetsecurity.com/2023/02/12/week-in-review-vmware-esxi-servers-under-attack-chatgpts-malicious-potential-reddit-breached/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2021-21974 Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.
low complexity
vmware CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591