Security News

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack
2021-06-06 22:04

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets.

Attackers are scanning for vulnerable VMware servers, patch now!
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Attackers scan for unpatched VMware vCenter servers, PoC exploit available
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks
2021-06-04 15:00

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors. While the amplification rate is only 2.32 to 1, UDP reflection/amplification attacks abusing STUN services can be more difficult to mitigate without overblocking legitimate traffic.

FreakOut malware worms its way into vulnerable VMware servers
2021-06-04 13:03

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.

CloudLinux OS Solo optimizes Linux server and application performance
2021-06-04 02:00

CloudLinux announces the release of CloudLinux OS Solo. "Our starting point was clear. Based on research results, our clients overwhelmingly want the classic CloudLinux OS with VPS and VMs, which only a few users can then utilize. One main request is a robust set of CloudLinux features on one server at affordable prices. Consequently, we found hundreds of VPSs with five or fewer websites hosted by a single client, many of which use VMs for staging and production. Some clients want a stable OS with technical support that is secure and not open-sourced."

Exchange Servers Targeted by ‘Epsilon Red’ Malware
2021-06-03 12:47

Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, in an investigation of an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
2021-05-29 15:33

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

HPE Fixes Critical Zero-Day in Server Management Software
2021-05-28 15:11

Hewlett Packard Enterprise has fixed a critical zero-day remote code execution flaw in its HPE Systems Insight Manager software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant Gen9, as well as for storage and networking products.

VMware fixes critical vCenter Server RCE vulnerability, urges immediate action (CVE-2021-21985)
2021-05-26 09:30

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.