More than 500 VMware ESXi servers across Europe have been infected with the ESXiArgs ransomware between Feb. 11 and 12 but questions remain on the vulnerability targeted by attackers, according to SecurityWeek.
Censys researchers discovered two servers with ransom notes similar to those leveraged in attacks last October before being updated on Jan. 31 to resemble those being used in the ongoing attacks. All ransom notes were found to resemble those issued in Cheerscrypt ransomware attacks against ESXi servers last spring.
While most ESXiArgs attacks are believed to have involved the exploitation of CVE-2021-21974, threat actors may have also leveraged CVE-2019-5544 and CVE-2020-3992 in the attacks, noted GreyNoise.
"VMware currently has no evidence to support that a new vulnerability is being used to propagate recent ransomware attacks, but there is also no evidence that CVE-2021-21974 is the only attack vector, either. The media has speculated about the involvement of CVE-2022-31699, CVE-2021-21995, CVE-2021-21974, CVE-2020-3992, and CVE-2019-5544 but it is very likely that the attackers are using any vulnerability that is accessible to them. VMware is continuing to investigate," said VMware.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.