New Vuln Enables Admin Access on Domain-Joined ESXi Hypervisors
- Editor DTI
- July 30, 2024
- cve-2024-37085
- esxi
- microsoft
- ransomware
- vmware
Image Source: Shutterstock Ransomware attackers are leveraging CVE-2024-37085 to drop Black Basta, Akira on vulnerable systems, Microsoft says. Ransomware operators are exploiting an authentication bypass vulnerability in ESXi hypervisors to gain full administrative control of ESXi hypervisors connected to Windows domains. Adversaries can use the access to encrypt file systems and disrupt all virtual servers […]
Read MoreAttackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May
Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-22954). Researchers from Fortinet’s FortiGuard Labs on Thursday said they had observed threat actors exploiting the […]
Read MoreAttackers Demonstrate Novel Way to Compromise EXSi Hypervisors
Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors at several organizations using malicious vSphere Installation Bundles. The backdoors enable a lot of bad things including persistent access, arbitrary command execution and […]
Read More