Security News

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets.

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors. While the amplification rate is only 2.32 to 1, UDP reflection/amplification attacks abusing STUN services can be more difficult to mitigate without overblocking legitimate traffic.

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.

CloudLinux announces the release of CloudLinux OS Solo. "Our starting point was clear. Based on research results, our clients overwhelmingly want the classic CloudLinux OS with VPS and VMs, which only a few users can then utilize. One main request is a robust set of CloudLinux features on one server at affordable prices. Consequently, we found hundreds of VPSs with five or fewer websites hosted by a single client, many of which use VMs for staging and production. Some clients want a stable OS with technical support that is secure and not open-sourced."

Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, in an investigation of an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Hewlett Packard Enterprise has fixed a critical zero-day remote code execution flaw in its HPE Systems Insight Manager software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant Gen9, as well as for storage and networking products.

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.