Sunday, February 12, 2023

VMware ESXi servers have come under attack

Patch your VMware ESXi

Servers running the popular virtualization hypervisor VMware ESXi have come under attack from at least one ransomware group over the past week, likely following scanning activity to identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.

Specifically, threat actors have been taking advantage of unpatched systems vulnerable to CVE-2020-3992 and CVE-2021-21974 that, when exploited, can allow remote code execution.

Of the incidents observed thus far, a ransomware-as-a-service (RaaS) group known as Nevada appears to be responsible, although their ransom note shares many similarities with Cheerscrypt, a ransomware threat that targeted ESXi in early- to mid-2022.