Thousands of VMware ESXi Servers Targeted in Global Ransomware Attacks
ION Trading UK seemingly paid LockBit's ransom, Emennet Pasargad responsible for Charlie Hebdo breach, Finnish psychotherapy clinic hacker busted, Stalkerware dev fined $410,000, more
Metacurity is a reader-supported publication, and I need your help. To receive new posts and support my work, consider becoming a paid subscriber.
Italy's National Cybersecurity Agency (ACN) warned that thousands of computer servers had been targeted by a global ransomware hacking attack targeting VMware ESXi servers urging organizations to take action to protect their systems.
VMware said it is aware of the report and issued patches in February 2021 when it discovered the vulnerability now being exploited, urging customers to apply the patch if they have not done so. Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries, such as France and Finland, as well as the United States and Canada.
The flaw is a two-year-old remote code execution vulnerability, CVE-2021-21974, caused by a heap overflow issue in the OpenSLP service that unauthenticated threat actors in low-complexity attacks can exploit. "As current investigations, these a…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.