Hackers are targeting an OpenSLP (Service Location Protocol) security flaw in unpatched VMware ESXi servers, deploying malware that enables the attackers to carry out remote code execution and encrypt the servers.

VMware is a global provider of multi-cloud services.

CERT-FR, the French government’s cybersecurity response agency, issued an alert on February 3 warning of the attack. The affected systems are ESXi hypervisors version 6.5, 6.7 and 7.0.

“CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” the agency said.

“These attack campaigns seem to have taken advantage of the exposure of ESXi hypervisors which would not have been updated with security patches quickly enough. In particular, the SLP service seems to have been targeted, a service for which several vulnerabilities had been the subject of successive patches. Exploit codes have been available in open source since at least May 2021.”

The situation is evolving, but according to the latest estimates, the hackers have targeted over 3,000 servers. nvra files on the servers and release ransom notes.

Overnight, Italy’s National Cybersecurity Agency said they believed cyber-criminals rather than nation-state actors were behind the attacks. “No evidence has emerged pointing to aggression by a state or hostile state-like entity,” that agency said, noting that the attackers did not target critical infrastructure servers.

Because the attacks are targeting unpatched servers, systems that have previously been updated are protected from this particular piece of malware. CERT-FR says the two relevant vulnerabilities are CVE-2021-21974 from VMSA-2021-0002, which deals with an ESXi OpenSLP heap-overflow vulnerability, and CVE-2020-3992 from VMSA-2020-0023, which handles an ESXi OpenSLP remote code execution vulnerability. VMware says to patch if possible or to disable the affected SLP service in ESXi.

Consulting Solutions Engineer Stefan van der Wal from Barracuda Networks says the ransomware attack highlights how important it is to update critical software infrastructure systems. “Securing virtual infrastructure is vital.