CISA warns of VMware ESXi bug exploited in ransomware attacks
2024-07-30 19:54

CISA has ordered U.S. Federal Civilian Executive Branch agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.

Broadcom subsidiary VMware fixed this flaw, discovered by Microsoft security researchers, on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group; that user is automatically assigned full administrative privileges. The group is not present by default but can be added after gaining high privileges on the ESXi hypervisor.

CVE-2024-37085 has been exploited by ransomware operators tracked as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest to deploy Akira and Black Basta ransomware.

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks.

New Play ransomware Linux version targets VMware ESXi VMs.

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks.

Linux version of RansomHub ransomware targets VMware ESXi VMs.

CISA warns of Windows bug exploited in ransomware attacks.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 83 402 200 103 788