Security News

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. These types of flaws are critical as they could permit attackers to gain unauthorized access to the host system where a hypervisor is installed or access other virtual machines running on the same host, breaching their isolation.

VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and...

The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. ESXi servers often run critical applications and services for businesses, including databases and email servers, so the operational disruption from the ransomware attack is maximized.

A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Last month, security researcher MalwareHunterTeam found a Linux ELF64 encryptor for the Qilin ransomware gang and shared it with BleepingComputer to analyze.

Something likely to be absent from Microsoft's Ignite event is talk of a fix rolled out to deal with malfunctioning Windows Server 2022 Virtual Machines following a problematic update from the company. The culprit was the KB5031364 October update, which contained a variety of fixes and updates for Windows Server 2022, from changing the spelling of Ukraine's capital from Kiev to Kyiv to addressing issues with the Server Message Block service.

An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

The Monti ransomware gang has returned after a two-month break from publishing victims on its data leak site, using a new Linux locker to target VMware ESXi servers as well as legal and government organizations. Researchers at Trend Micro analyzing the new encryption tool from Monti found that it has "Significant deviations from its other Linux-based predecessors."

Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose. Hospitals run by Prospect Medical Holdings were also impacted this week by a ransomware attack on the parent company.

The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise. With VMware ESXi being one of the most popular virtual machine platforms, almost every ransomware gang has begun to release Linux encryptors to encrypt all virtual servers on a device.