Security News
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control...
Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...]
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly...
A number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...]
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...]
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various...
Why a strong patch management strategy is essential for reducing business riskIn this Help Net Security interview, Eran Livne, Senior Director of Product Management, Endpoint Remediation at Qualys and Thomas Scheffler, Security Operations Manager of Cintas Corporation, discuss their experiences with automated patch management. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches.
A vulnerability in the ESXi hypervisor was patched by VMware last week, but Microsoft has revealed that it has already been exploited by ransomware groups to gain administrative permissions. The vulnerability affects ESXi versions 7.0 and 8.0 and VMware Cloud Foundation versions 4.x and 5.x., but patches were only rolled out for ESXi 8.0 and VMware Cloud Foundation 5.x. It has a relatively low CVSS severity score of 6.8.
CISA has ordered U.S. Federal Civilian Executive Branch agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group-not present by default but can be added after gaining high privileges on the ESXi hypervisor-which will automatically be assigned full administrative privileges.