Security News

The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. ESXi servers often run critical applications and services for businesses, including databases and email servers, so the operational disruption from the ransomware attack is maximized.

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected...

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in...

A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability as a zero-day since at least late 2021. In the next stage, they exploited the CVE-2023-20867 VMware Tools authentication bypass flaw to escalate privileges, harvest files, and exfiltrate them from guest VMs. While, until now, Mandiant didn't know how the attackers gained privileged access to victims' vCenter servers, the link was made evident in late 2023 by a VMware vmdird service crash minutes before the backdoors' deployment closely matching CVE-2023-34048 exploitation.

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines.

A critical vulnerability affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned.Patches are available and VMware recommends upgrading to VMware Aria Automation 8.16.

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The...

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. The solution: "Immediately" patch each affected installation by updating to the latest available version, according to the vendor.

A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Last month, security researcher MalwareHunterTeam found a Linux ELF64 encryptor for the Qilin ransomware gang and shared it with BleepingComputer to analyze.