sekurak News · @sekurakbot
30 followers · 232 posts · Server mastodon.com.pl

Joint event with VMware – ESXiArgs ransomware and good practices for protecting VMware virtual environments

For some time you have been asking us for a joint event with VMware on handling the recent ransomware incidents attacking ESXi systems (in Poland too). We listen to you, so on March 9 at 19:00 we are doing a live stream together 😊 The meeting is run on a “pay what you want” model. You can join completely for free, but any support...


sekurak.pl/wspolny-event-z-vmw

#wbiegu #esxiargs #pich #szkolenie #vmware #webinar

Last updated 2 years ago

Renaud Lifchitz :verified: · @nono2357
258 followers · 1635 posts · Server infosec.exchange

RT @ValeryMarchive
🧐Did you like the campaign ? Bear in mind that it is far from the only threat of type hanging over your @VMware virtualization servers.
Inventory in @LeMagIT 👇 lemagit.fr/conseil/Ce-que-lon-

#esxiargs #ransomware

Last updated 2 years ago

😬 Did you like the campaign of with the so-called ? Let's hope it serves as a loud alarm bell 🔔
Because the threat hanging over virtualized environments is not limited to this example, far from it. Let's take stock of the various franchises that go after . 🔽
Spoiler: there are many of them.
lemagit.fr/conseil/Ce-que-lon-

#cyberattaques #ransomware #esxiargs #esxi

Last updated 2 years ago

Ian Brown :fedi: · @1br0wn
1896 followers · 1498 posts · Server eupolicy.social

Must be a breach in almost every case 🤦🏻‍♂️ “Two years later, the hackers have found a way to scan the internet to find VMware customers who — either through incompetence, laziness or plain ignorance — had yet to patch their networks, and seized control of thousands of them.”
on.ft.com/3IKRth4

#gdpr #esxiargs #nevada

Last updated 2 years ago

Scripter :verified_flashing: · @scripter
200 followers · 843 posts · Server social.tchncs.de

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
thehackernews.com/2023/02/esxi

#esxiargs #ransomware #malware

Last updated 2 years ago

🗞️ Weekly Shared Links newsletter for week 07/2023 is out! Read, like, and subscribe below.

It includes, but not only:

  • is investigating a cybersecurity incident on its network
  • : Hackers stole source code, installed in multi-year breach
  • Scandinavian Airlines says cyberattack caused passenger
  • says recent data leak stems from third-party vendor hack
  • Critical RCE Vulnerability Discovered in Open Source Antivirus Software
  • ’s February 2023 Security Updates Patch High-Severity Vulnerabilities
  • North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware
  • 9 New Bugs to Patch Now
  • Proof of Concept by the Security Advisory Team, exploiting the double-free vulnerability in server
  • hits Technion university, protests tech layoffs and Israel
  • New Ransomware Variant Emerges After CISA Releases Decryptor Tool

0x58.substack.com/p/my-shared-

#infosec #fbi #godaddy #malware #dataleak #atlassian #clamav #sap #microsoft #qualys #openssh #ransomware #esxiargs #cybersecurity

Last updated 2 years ago

securityaffairs · @securityaffairs
433 followers · 348 posts · Server infosec.exchange
acrypthash👨🏻‍💻 · @acrypthash
300 followers · 282 posts · Server infosec.exchange

There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!

#security #cisa #esxiargs #encryption

Last updated 2 years ago

After an approximately 3-fold increase in targeting ESXi between 2021 and 2022, and the recent campaign raging globally, this report comes very timely, identifying and describing for various TTPs seen prior to the dropping of the payload: recordedfuture.com/in-before-t

#ransomware #esxiargs #detections

Last updated 2 years ago

Opalsec :verified: · @Opalsec
117 followers · 59 posts · Server infosec.exchange

This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

The escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worse yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

Proofpoint have unveiled , a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

members might find the BokuLoader Reflective Loader for useful in their next engagements, as well as - the latest PrivEsc technique to join the Potato family.

- check out a list of resources that popped up last week to help analyse malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

Happy reading, and happy Monday!

opalsec.substack.com/p/soc-gou

#esxiargs #ta866 #redteam #cobaltstrike #localpotato #blueteam #AsyncRAT #infosec #cyberattack #hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #vmware #esxi

Last updated 2 years ago

Eric MARLIERE · @Ouaibs
34 followers · 23 posts · Server infosec.exchange

The ESXiArgs ransomware is evolving and increases the urgency for system administrators to apply patches quickly after their release, patches which are only one additional line of defense.
fr.techtribune.net/securite/un

#cybercriminalite #rancongiciel #esxiargs #ovh #cybersecurite

Last updated 2 years ago

Antonio Pardo Sánchez · @apardo
30 followers · 235 posts · Server techhub.social
runZero, Inc · @runZeroInc
89 followers · 27 posts · Server infosec.exchange

VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

Check out the link below for more!

runzero.com/blog/finding-vmwar

#vmware #esxiargs #ransomware #cybersecurity

Last updated 2 years ago

Shane Pinnell · @shane_pinnell
124 followers · 48 posts · Server educhat.social

Having worked in IT for K-12 schools, things like the cyberattack would keep me up at night.

bleepingcomputer.com/news/secu

#esxiargs

Last updated 2 years ago

Rob Wright · @robwright
21 followers · 32 posts · Server infosec.exchange

Whether CVE-2021-21974 is the culprit or not, the attacks have put a spotlight on hypervisor patching challenges and other issues. techtarget.com/searchsecurity/

#esxiargs

Last updated 2 years ago

Rob Wright · @robwright
21 followers · 32 posts · Server infosec.exchange

Censys throws cold water on CVE-2021-21974 being the attack method for . "As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running." censys.wpengine.com/esxwhy-a-l

#esxiargs

Last updated 2 years ago

Renaud Lifchitz :verified: · @nono2357
250 followers · 999 posts · Server infosec.exchange

RT @ValeryMarchive
🚨Did you like the first wave? You are going to enjoy the second one a lot less: everything is done to break the recovery methods found previously. So it is less kind. poke @_SaxX_ @S0ufi4n3 @onyphe lemagit.fr/actualites/36553075

#esxiargs #cyberattaque #ransomware

Last updated 2 years ago

Kevin Beaumont · @GossiTheDog
24330 followers · 718 posts · Server cyberplace.social

I just went back and looked at the Telecom Italia outage, as the false rumour it was keeps popping up.

Reality - if you look at their ASN, they did a million BGP announcements at the exact time of the outage, and managed to de-peer themselves.

#tim #esxiargs

Last updated 2 years ago