Thousands of VMware ESXi Servers Targeted in Global Ransomware Attacks

ION Trading UK seemingly paid LockBit's ransom, Emennet Pasargad responsible for Charlie Hebdo breach, Finnish psychotherapy clinic hacker busted, Stalkerware dev fined $410,000, more

Italy's National Cybersecurity Agency (ACN) warned that thousands of computer servers had been targeted by a global ransomware hacking attack targeting VMware ESXi servers urging organizations to take action to protect their systems.

VMware said it is aware of the report and issued patches in February 2021 when it discovered the vulnerability now being exploited, urging customers to apply the patch if they have not done so. Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries, such as France and Finland, as well as the United States and Canada.

The flaw is a two-year-old remote code execution vulnerability, CVE-2021-21974, caused by a heap overflow issue in the OpenSLP service that unauthenticated threat actors in low-complexity attacks can exploit. "As current investigations, these a…