
VMware Finds No Proof of 0-Day in Ongoing ESXiArgs Ransomware Spree

by crpt os


Feb 07, 2023, by Ravie Lakshmanan. Category: Endpoint Security / Zero-Day

VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide.

“Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Security Advisories (VMSAs),” the virtualization services provider said.

The company further recommends that users upgrade to the latest available supported releases of vSphere components to mitigate known issues, and that they disable the OpenSLP service in ESXi.

“In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default,” VMware added.
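The OpenSLP mitigation VMware refers to above, as an added example (this script is not from the article or from VMware): it wraps the steps VMware documents for disabling the SLP service on an ESXi host, stopping the daemon that listens on port 427, blocking its firewall ruleset, and making the change persistent. It assumes it is run in the ESXi host shell as root; the `DRY_RUN` variable and the `run` wrapper are this example's own additions so the commands can be reviewed before anything is changed.

```shell
#!/bin/sh
# Added example (not from the article or VMware): disable the OpenSLP service
# on an ESXi host and close its firewall ruleset. The commands follow VMware's
# published guidance for disabling SLP on ESXi; DRY_RUN and run() are this
# example's own scaffolding. DRY_RUN=1 (default) only prints the commands;
# set DRY_RUN=0 and run as root in the ESXi shell to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print every command, and execute it only when DRY_RUN=0.
    printf '+ %s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then
        "$@"
    fi
}

disable_openslp() {
    # 1. Stop the running slpd daemon (the OpenSLP listener on TCP/UDP 427).
    run /etc/init.d/slpd stop
    # 2. Disable the CIMSLP firewall ruleset so port 427 stays closed even if
    #    the service is started again.
    run esxcli network firewall ruleset set -r CIMSLP -e 0
    # 3. Keep slpd from starting on the next boot.
    run chkconfig slpd off
}

verify_openslp_disabled() {
    # After applying, the chkconfig listing should show slpd as "off" and the
    # CIMSLP ruleset should report Enabled = false.
    run chkconfig --list
    run esxcli network firewall ruleset list -r CIMSLP
}

disable_openslp
verify_openslp_disabled
```

Hosts that still depend on SLP for CIM-based hardware monitoring will lose that discovery path once the service is off, so confirm with the monitoring owners before applying the change fleet-wide; the upgrade to a supported release remains the fix, and disabling SLP only removes the exposed listener.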

The announcement comes as unpatched and unsecured VMware ESXi servers around the world have been targeted in a large-scale ransomware campaign dubbed ESXiArgs, most likely by exploiting a two-year-old bug that VMware patched in February 2021.

The vulnerability, tracked as CVE-2021-21974 (CVSS score: 8.8), is an OpenSLP heap-based buffer overflow vulnerability that an unauthenticated threat actor can exploit to gain remote code execution.

The intrusions appear to single out susceptible ESXi servers that are exposed to the internet on OpenSLP port 427, with the victims instructed to pay 2.01 Bitcoin (about $45,990 as of writing) to receive the encryption key needed to recover files. No data exfiltration has been observed to date.

Data from GreyNoise shows that 19 unique IP addresses have been attempting to exploit the ESXi vulnerability since February 4, 2023. 18 of the 19 IP addresses are classified as benign, with a single malicious exploitation attempt recorded from the Netherlands.

“ESXi customers should ensure their data is backed up and should update their ESXi installations to a fixed version on an emergency basis, without waiting for a regular patch cycle to occur,” Rapid7 researcher Caitlin Condon said. “ESXi instances should not be exposed to the internet if at all possible.”
