Wspólny event z VMware – Ransomware ESXiArgs i dobre praktyki ochrony środowisk wirtualnych VMware

Od pewnego czasu prosiliście nas o wspólny event z VMware związany z obsługą ostatnich incydentów ransomware atakujących systemy ESXi (również w Polsce). Słuchamy Was, więc już 9 marca o godzinie 19:00, robimy wspólnie live streama 😊 Spotkanie robimy w modelu „płać ile chcesz”. Możecie wbić całkowicie za darmo, ale każde wsparcie...

#WBiegu #Esxiargs #Pich #Szkolenie #Vmware #Webinar
https://sekurak.pl/wspolny-event-z-vmware-ransomware-esxiargs-i-dobre-praktyki-ochrony-srodowisk-wirtualnych-vmware/

RT @ValeryMarchive
🧐Vous avez aimé la campagne #ESXiArgs ? Dites-vous que c'est loin d'être la seule menace de type #ransomware qui pèse sur vos serveurs de virtualisation @VMware.
Inventaire dans @LeMagIT 👇 https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi

😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
Spoiler: elles sont nombreuses.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi

Must be a #GDPR breach in almost every case 🤦🏻‍♂️ “Two years later, the #ESXiArgs hackers have found a way to scan the internet to find VMware customers who — either through incompetence, laziness or plain ignorance — had yet to patch their networks, and seized control of thousands of them.” #Nevada
https://on.ft.com/3IKRth4

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs

🗞️ Weekly #infosec Shared Links newsletter for week 07/2023 is out! Read, like, and subscribe below.

It includes, but not only:

• #FBI is investigating a cybersecurity incident on its network
• #GoDaddy: Hackers stole source code, installed #malware in multi-year breach
• Scandinavian Airlines says cyberattack caused passenger #dataleak
• #Atlassian says recent data leak stems from third-party vendor hack
• Critical RCE Vulnerability Discovered in #ClamAV Open Source Antivirus Software
• #SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities
• North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware
• 9 New #Microsoft Bugs to Patch Now
• Proof of Concept by the #Qualys Security Advisory Team, exploiting the double-free vulnerability in #OpenSSH server
• #Ransomware hits Technion university, protests tech layoffs and Israel
• New #ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

#cybersecurity

https://0x58.substack.com/p/my-shared-links-week-072023

Over 500 #ESXiArgs #Ransomware infections in one day, but they dropped the day after
https://securityaffairs.com/142336/cyber-crime/esxiargs-ransomware-infections.html
#securityaffairs #malware

There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption

After an approximately 3-fold increase in #ransomware targeting ESXi between 2021 and 2022, and the recent #ESXiArgs campaign raging globally, this report comes very timely, identifying and describing #detections for various TTPs seen prior to the dropping of the payload: https://www.recordedfuture.com/in-before-the-lock-esxi

This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16

The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

Happy reading, and happy Monday!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16

#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

Le rançongiciel ESXiArgs évolue et accroît l’urgence pour les administrateurs système d’implémenter les correctifs rapidement après leur publication, lesquels correctifs ne sont qu’une ligne de défense supplémentaire.
https://fr.techtribune.net/securite/une-nouvelle-variante-esxiargs-ransomware-emerge-apres-la-publication-de-loutil-de-decryptage-par-cisa/586135/
#Cybercriminalité #rançongiciel #ESXiArgs #OVH #Cybersécurité

Le rançongiciel ESXiArgs évolue et accroît l’urgence pour les administrateurs système d’implémenter les correctifs rapidement après leur publication, lesquels correctifs ne sont qu’une ligne de défense supplémentaire.
https://fr.techtribune.net/securite/une-nouvelle-variante-esxiargs-ransomware-emerge-apres-la-publication-de-loutil-de-decryptage-par-cisa/586135/
#Cybercriminalité #rançongiciel #ESXiArgs #OVH #Cybersécurité

#ESXiArgs #Ransomware Virtual Machine Recovery Guidance https://www.cisa.gov/uscert/ncas/alerts/aa23-039a

#VMware #ESXi

VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

Check out the link below for more!

https://www.runzero.com/blog/finding-vmware-esxi-assets/?utm_source=mastodon&utm_medium=social&utm_campaign=rapidresponse-esxi

#vmware #esxiargs #ransomware #cybersecurity

Having worked in IT for K-12 schools, things like the #ESXiArgs cyberattack would keep me up at night.

https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/

#ESXiArgs : la #CISA met à disposition un #script de récupération pour les machines virtuelles sous la coupe du #ransomware !

https://blog.sosordi.net/2023/02/esxiargs-la-cisa-met-a-disposition-un-script-de-recuperation-pour-les-machines-virtuelles-sous-la-coupe-du-ransomware.html

#securite #chiffrement #dechiffrement

Whether CVE-2021-21974 is the culprit or not, the #ESXiArgs attacks have put a spotlight on hypervisor patching challenges and other issues. https://www.techtarget.com/searchsecurity/news/365530777/Hypervisor-patching-struggles-exacerbate-ESXiArgs-attacks

Censys throws cold water on CVE-2021-21974 being the attack method for #esxiargs. "As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running." https://censys.wpengine.com/esxwhy-a-look-at-esxiargs-ransomware/

RT @ValeryMarchive
🚨Vous aviez aimé #ESXiArgs première vague ? Vous allez beaucoup moins goûter la seconde : tout est fait pour casser les méthodes de récupération trouvées précédemment. C'est moins gentil du coup. #cyberattaque #ransomware poke @_SaxX_ @S0ufi4n3 @onyphe https://www.lemagit.fr/actualites/365530753/ESXiArgs-le-ransomware-revient-avec-une-nouvelle-version

I just went back and looked at the Telecom Italia #TIM outage, as the false rumour it was #ESXiArgs keeps popping up.

Reality - if you look at their ASN, they did a million BGP announcements at the exact time out the outage, and managed to de-peer themselves.