#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

ESXi Server | Breaking Cybersecurity News | The Hacker News

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
May 11, 2023 Server Security / Ransomware
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems. "These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte  said  in a report shared with The Hacker News. "Leaked source code enables actors to target Linux systems when they may otherwise lack expertise to build a working program." A number of  cybercrime groups , both big and small, have set their sights on ESXi hypervisors. What's more, at least three different ransomware strains –  Cylance ,  Rorschach  (aka BabLock), and  RTM Locker  – that have emerged since the start of the year are based on the leaked Babuk source code. SentinelOne's latest analysis shows that this phenomenon is more common, with the cybersecurity company identifyi

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
Feb 07, 2023 Endpoint Security / Zero-Day
VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an  ongoing ransomware attack spree  worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Security Advisories (VMSAs)," the virtualization services provider  said . The company is further recommending users to upgrade to the latest available supported releases of vSphere components to mitigate known issues and  disable the OpenSLP service  in ESXi. "In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default," VMware added. The announcement comes as unpatched and unsecured VMware ESXi servers around the world have been targeted in a  large-scale   ransomware campaign  dubbed ESXiArgs by likely exploiting a two-year-old bug VMware p

external linkWing Security Launches Free SaaS Discovery Tool to Tackle Shadow IT Risks

SaaS
websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.
Cybersecurity Resources