Security News

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMWare ESXi servers.

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. The botnet was first discovered in March by researchers at Securonix and by April, when analysis of newer samples emerged from Fortinet, EnemyBot had already integrated flaws for more than a dozen processor architectures.

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. Its main purpose is launching distributed denial-of-service attacks and the malware also has modules to scan for new target devices and infect them.

Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months. ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. VMware released security updates to address the CVE-2022-22972 flaw affecting Workspace ONE Access, VMware Identity Manager, or vRealize Automation.

A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. We have seen many ransomware groups targeting the VMware ESXi platform in the past, with the most recent additions being LockBit and Hive.

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. Security researchers at attack surface assessment company Horizon3 announced today that they managed to create a working proof-of-concept exploit code for CVE-2022-22972 and will be releasing a technical report shortly.

Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform. VMware issues critical fixes, CISA orders federal agencies to act immediatelyVMware has released patches for a privately reported critical vulnerability in VMware's Workspace ONE Access, VMware Identity Manager, vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, and is urging administrators to patch or mitigate immediately, because "The ramifications of this vulnerability are serious."

Virtualisation in general, and VMWare's product set in particular, is widely used to turn individual physical computers into several "Virtual computers" that share the same physical hardware. These virtual computers, known in the jargon as VMs, realistically pretend to be independent computers in their own right, each one booting and running an operating system of its own, as a physical computer would.

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped implant against targets located in its southern counterpart. NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain.