Security News

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.

CloudLinux announces the release of CloudLinux OS Solo. "Our starting point was clear. Based on research results, our clients overwhelmingly want the classic CloudLinux OS with VPS and VMs, which only a few users can then utilize. One main request is a robust set of CloudLinux features on one server at affordable prices. Consequently, we found hundreds of VPSs with five or fewer websites hosted by a single client, many of which use VMs for staging and production. Some clients want a stable OS with technical support that is secure and not open-sourced."

Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, in an investigation of an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Hewlett Packard Enterprise has fixed a critical zero-day remote code execution flaw in its HPE Systems Insight Manager software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant Gen9, as well as for storage and networking products.

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.

VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.

StorMagic announced that StorMagic SvSAN and Zerto have been validated with HPE Proliant servers. Delivered through the HPE Complete Program, this HPE validated solution allows customers to protect edge-to-edge, edge-to-core or edge-to-cloud workloads.

A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM service. Luckily, although it can be abused by threat in remote code execution attacks, the vulnerability ONLY impacts versions 2004 and 20H2 of Windows 10 and Windows Server.