Security News

Researchers discover ransomware that encrypts virtual machines hosted on an ESXi hypervisor
2021-10-07 09:35

Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor."This is one of the fastest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform," said Andrew Brandt, principal researcher at Sophos.

VMware ESXi Servers Encrypted by Lightning-Fast Python Script
2021-10-06 20:34

Researchers have discovered a new Python ransomware from an unnamed gang that's striking ESXi servers and virtual machines with what they called "Sniper-like" speed. While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but.

Ransomware gang encrypts VMware ESXi servers with Python script
2021-10-05 13:00

Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers. While the Python programming language is not commonly used in ransomware development, it is a logical choice for ESXi systems, seeing that such Linux-based servers come with Python installed by default.

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]
2021-09-30 18:49

" Guess what? iOS 12 wasn't dead, it was just resting. Researchers rediscover an Outlook data leakage issue.

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
2021-09-28 15:06

A working exploit for the critical CVE-2021-22005 remote-code execution vulnerability in VMware vCenter is now fully public and is being exploited in the wild. "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware, when VMware announced the vulnerability on Tuesday.

Working exploit released for VMware vCenter CVE-2021-22005 bug
2021-09-28 11:03

A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. On Monday, exploit writer wvu released an unredacted exploit for CVE-2021-22005 that works against endpoints with the Customer Experience Improvement Program component enabled, which is the default state.

Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
2021-09-24 18:04

Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it. Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Exploits imminent for critical VMware vCenter CVE-2021-22005 bug
2021-09-24 18:04

Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online. Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
2021-09-22 21:44

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. While exploit code is not yet publicly available, ongoing scanning activity was already spotted by threat intelligence company Bad Packets 12 hours ago after some of its VMware honeypots began recording attackers probing for the presence of the critical bug.

VMware patch bulletin warns: “This needs your immediate attention.”
2021-09-22 18:46

Generally speaking, file upload vulnerabilities happen when an untrusted user is allowed to upload files of their own choosing. Those untrusted files end up saved in a location where the server will subsequently treat them as trusted files instead, perhaps executing them as scripts or programs, or using them to reconfigure security settings on the server.