2024-08-02 | Ransomware, Patch/Configuration Management, Vulnerability Management

Many VMware ESXi instances remain vulnerable to actively exploited bug


SecurityWeek reports that, as of the end of July, one week after VMware issued patches, more than 20,000 internet-exposed VMware ESXi hypervisors remained affected by CVE-2024-37085, an actively exploited, medium-severity authentication bypass vulnerability.

The Shadowserver Foundation notes that, despite the elevated detections, workarounds may already have been applied on some of the affected VMware ESXi instances. Shadowserver's findings follow Microsoft's report that the flaw has been leveraged by several ransomware operations to obtain admin privileges on vulnerable VMware ESXi hypervisors and ultimately facilitate Akira and Black Basta ransomware infections. "Successful exploitation leads to full administrative access to the ESXi hypervisors, allowing threat actors to encrypt the file system of the hypervisor, which could affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network," said Microsoft.

Related

Infostealing PyPI packages spread through StackExchange

Threat actors who created StackExchange accounts commented on popular threads with high-quality answers that included links to the packages, including 'spl-types,' 'sol-structs,' 'sol-instruct,' 'raydium,' and 'raydium-sdk,' which facilitated the download of scripts enabling browser, messaging app, and cryptocurrency wallet data exfiltration.
