New Vuln Enables Admin Access on Domain-Joined ESXi Hypervisors
- Editor DTI
- July 30, 2024
- cve-2024-37085
- esxi
- microsoft
- ransomware
- vmware
Ransomware attackers are leveraging CVE-2024-37085 to drop Black Basta, Akira on vulnerable systems, Microsoft says. Ransomware operators are exploiting an authentication bypass vulnerability in ESXi hypervisors to gain full administrative control of ESXi hypervisors connected to Windows domains. Adversaries can use the access to encrypt file systems and disrupt all virtual servers […]
Attackers Demonstrate Novel Way to Compromise ESXi Hypervisors
Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors at several organizations using malicious vSphere Installation Bundles. The backdoors enable a lot of bad things including persistent access, arbitrary command execution and […]