Metacurity

Share this post

Thousands of VMware ESXi Servers Targeted in Global Ransomware Attacks

metacurity.substack.com

Thousands of VMware ESXi Servers Targeted in Global Ransomware Attacks

ION Trading UK seemingly paid LockBit's ransom, Emennet Pasargad responsible for Charlie Hebdo breach, Finnish psychotherapy clinic hacker busted, Stalkerware dev fined $410,000, more

Cynthia Brumfield
Feb 6, 2023
∙ Paid
2
Share
Share this post

Thousands of VMware ESXi Servers Targeted in Global Ransomware Attacks

metacurity.substack.com

Metacurity is a reader-supported publication, and I need your help. To receive new posts and support my work, consider becoming a paid subscriber.

Italy's National Cybersecurity Agency (ACN) warned that thousands of computer servers had been targeted by a global ransomware hacking attack targeting VMware ESXi servers urging organizations to take action to protect their systems.

VMware said it is aware of the report and issued patches in February 2021 when it discovered the vulnerability now being exploited, urging customers to apply the patch if they have not done so. Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries, such as France and Finland, as well as the United States and Canada.

The flaw is a two-year-old remote code execution vulnerability, CVE-2021-21974, caused by a heap overflow issue in the OpenSLP service that unauthenticated threat actors in low-complexity attacks can exploit. "As current investigations, these a…

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing