
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

ItemDate=2023-03-05 16:30:58 Status=publish


#News(Security) [ via IoTGroup ]

Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. And yet Rapid7 research has found that a significant number of ESXi servers likely remain vulnerable.

We believe with high confidence that there are at least 18,581 vulnerable internet-facing ESXi servers at the time of this writing. We leverage the TLS certificate Recog signature to determine that a particular server is a legitimate ESXi server. Then, after removing likely honeypots from the results, we checked the build IDs of the scanned servers against a list of vulnerable build IDs.

We have also observed additional incidents targeting ESXi servers, unrelated to the ESXiArgs campaign, that possibly also leverage CVE-2021-21974. RansomExx2—a relatively new strain of ransomware written in Rust and targeting Linux—has been observed exploiting vulnerable ESXi servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released a ransomware decryptor to help victims recover from ESXiArgs attacks. The script works by allowing users to unregister virtual machines that have been encrypted by the ransomware and re-register them with a new configuration file. The main benefit of the decryptor script is that it enables users to bring virtual machines back to a working state while data restore from backup occurs in the background. This is particularly useful for users of traditional backup tools without virtualization-based disaster recovery capabilities.

Deny access to servers. Some victims of these attacks had these servers exposed to the open internet but could have gotten just as much business value out of them by restricting access to allowlisted IP addresses. If you are running an ESXi server, or any server, default to denying access to that server except from trusted IP space.

Patch vulnerable ESXi servers. VMware issued a patch
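The allowlisting advice above, as an added example that is not code from the Rapid7 post or from VMware: a small script for the ESXi host shell that switches firewall rulesets from "allow any source" to an explicit list of trusted networks. The ruleset ids in the sample loop and the 10.10.0.0/24 and 10.20.0.0/24 management networks are assumptions chosen for illustration.

```shell
#!/bin/sh
# Restrict ESXi host firewall rulesets to trusted source networks.
# Added example, not from the Rapid7 post. Ruleset ids and networks below are
# assumptions for illustration; the ESXi shell is busybox ash, so this stays POSIX.
# Set ESXCLI=echo to preview the commands instead of applying them.
ESXCLI="${ESXCLI:-esxcli}"

# restrict_ruleset <ruleset-id> <cidr> [<cidr>...]
# Switches the ruleset from "allow any source" to an explicit allowlist.
# Refuses an empty list: allowed-all=false with no entries locks everyone out,
# including the administrator applying the change.
restrict_ruleset() {
  ruleset="$1"; shift
  [ -n "$ruleset" ] && [ $# -ge 1 ] || {
    echo "restrict_ruleset: usage: restrict_ruleset <ruleset-id> <cidr>..." >&2
    return 1
  }
  "$ESXCLI" network firewall ruleset set --ruleset-id="$ruleset" --allowed-all=false || return 1
  for cidr in "$@"; do
    "$ESXCLI" network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$cidr" || return 1
  done
}

# show_allowed <ruleset-id>: print the allowlist now in force, for verification.
show_allowed() {
  "$ESXCLI" network firewall ruleset allowedip list --ruleset-id="$1"
}

# Sample run (only when ESXI_ALLOWLIST_APPLY=1, so sourcing the file is harmless):
# limit SSH and the management UI/API to two assumed management networks.
# Every ruleset reachable from untrusted networks should get the same treatment.
if [ "${ESXI_ALLOWLIST_APPLY:-0}" = "1" ]; then
  for rs in sshServer vSphereClient webAccess; do
    restrict_ruleset "$rs" 10.10.0.0/24 10.20.0.0/24 && show_allowed "$rs"
  done
fi
```

Preview first with `ESXCLI=echo ESXI_ALLOWLIST_APPLY=1 sh allowlist.sh` from a session that itself originates in the trusted range, since the change takes effect immediately.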

