06 Feb 23
Cyber Threat Roundup
A collection of recent open-source items of interest to the Defense Industrial Base
Massive ESXiArgs Ransomware Attack Targets VMware ESXi Servers Worldwide
Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers are actively targeting VMware ESXi servers left unpatched against a two-year-old remote code execution vulnerability in order to deploy a new ransomware strain, ESXiArgs. Tracked as CVE-2021-21974, the flaw is a heap overflow in the OpenSLP service that unauthenticated threat actors can exploit in low-complexity attacks. To block incoming attacks, admins must disable the vulnerable Service Location Protocol (SLP) service on ESXi hypervisors that have not yet been updated. CERT-FR strongly recommends applying the patch as soon as possible, but adds that systems that were left unpatched should also be scanned for signs of compromise.
https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
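The CERT-FR guidance above boils down to two checks per host: is the OpenSLP service still reachable, and has the workaround been applied. The script below is an added example, not code from the article or from VMware, that parses a captured `esxcli network firewall ruleset list` listing and reports whether the CIMSLP ruleset (the firewall rule that exposes OpenSLP on port 427) is still enabled. The sample listings are constructed to resemble that command's two-column output, so the exact column layout is an assumption; the three workaround commands are the ones from VMware's published SLP guidance as the editor knows them, not quoted from the article.

```python
"""Added example: flag ESXi hosts that still expose the OpenSLP service.

Parses the output of `esxcli network firewall ruleset list` captured from an
ESXi host and reports whether the CIMSLP ruleset is still enabled. The sample
text below is CONSTRUCTED to resemble that command's listing; its column layout
is an assumption, not a transcript from a real host.
"""

# Constructed sample: what the ruleset listing looks like on an unmitigated host.
SAMPLE_EXPOSED = """\
Name                 Enabled
-------------------  -------
sshServer            true
CIMSLP               true
httpClient           true
"""

# Constructed sample: the same host after the SLP workaround has been applied.
SAMPLE_MITIGATED = SAMPLE_EXPOSED.replace("CIMSLP               true",
                                          "CIMSLP               false")

# Workaround commands from VMware's published SLP guidance (editor's knowledge,
# not quoted from the article): stop the daemon, close the firewall rule, and
# keep slpd from starting again at boot. Patching remains the real fix.
SLP_WORKAROUND = (
    "/etc/init.d/slpd stop",
    "esxcli network firewall ruleset set -r CIMSLP -e 0",
    "chkconfig slpd off",
)


def parse_ruleset_list(text: str) -> dict[str, bool]:
    """Turn the two-column esxcli listing into {ruleset_name: enabled}."""
    rules: dict[str, bool] = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip the header row, the dashed separator and blank lines: only rows
        # whose second column is a literal true/false are ruleset entries.
        if len(parts) != 2 or parts[1].lower() not in ("true", "false"):
            continue
        rules[parts[0]] = parts[1].lower() == "true"
    return rules


def assess_slp_exposure(ruleset_text: str) -> dict:
    """Return a finding for one host: is CIMSLP enabled, and what to do about it."""
    rules = parse_ruleset_list(ruleset_text)
    enabled = rules.get("CIMSLP")
    if enabled is None:
        return {"status": "unknown",
                "detail": "CIMSLP ruleset not present in listing; check the capture",
                "actions": ()}
    if enabled:
        return {"status": "exposed",
                "detail": "CIMSLP firewall ruleset enabled; OpenSLP reachable on 427/tcp",
                "actions": SLP_WORKAROUND}
    return {"status": "mitigated",
            "detail": "CIMSLP ruleset disabled; still apply the vendor patch",
            "actions": ()}


if __name__ == "__main__":
    for label, text in (("unmitigated host", SAMPLE_EXPOSED),
                        ("mitigated host", SAMPLE_MITIGATED)):
        finding = assess_slp_exposure(text)
        print(f"{label}: {finding['status']} - {finding['detail']}")
        for cmd in finding["actions"]:
            print(f"    {cmd}")
```

Feed it the listing captured from each host (for example via the same SSH session used for patch verification) and treat any `exposed` result as a host that still needs the workaround or, preferably, the patch; a `mitigated` result only means the SLP door is closed, not that the hypervisor is current.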
Linux Version of Royal Ransomware Targets VMware ESXi Servers
Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. BleepingComputer has been reporting on similar Linux ransomware encryptors released by multiple other gangs, including Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, RansomEXX, and Hive. The new Linux Royal Ransomware variant was discovered by Will Thomas of the Equinix Threat Analysis Center (ETAC), and is executed using the command line.
https://www.bleepingcomputer.com/news/security/linux-version-of-royal-ransomware-targets-vmware-esxi-servers/
Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application, making it imperative that the console is not exposed to the public internet. According to security researcher Kevin Beaumont, there are over 1,000 on-premise instances that are publicly accessible over the internet, a majority of which are located in the U.S.
https://thehackernews.com/2023/02/warning-hackers-actively-exploiting.html
Atlassian Patches Critical Authentication Flaw in Jira Software
Atlassian has released multiple patches to fix a critical security vulnerability in Jira Service Management Server and Data Center. The flaw (tracked CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to impersonate other users and obtain unauthorized access to affected instances. The Jira versions affected by the vulnerability are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0. Atlassian has confirmed patches were released for versions 5.3.3, 5.4.2, 5.5.1 and 5.6.0. The company has urged customers to update to the latest patched version to protect their Jira instances from threat actors.
https://www.infosecurity-magazine.com/news/atlassian-patches-critical-flaw/
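The item above gives the affected and fixed Jira versions explicitly, which is enough to triage an inventory. The script below is an added example (not Atlassian's code and not from the article) that classifies an installed Jira Service Management version against exactly those lists and names the fixed release on the same 5.x line to upgrade to. Only the version strings come from the summary; the classification logic, helper names and the constructed inventory are the editor's own assumptions.

```python
"""Added example: triage Jira Service Management versions against the
affected/fixed releases quoted for CVE-2023-22501.

The two version lists are exactly those stated in the roundup item; the
classification rules and helper names are the editor's own.
"""
from typing import Optional

AFFECTED_VERSIONS = {"5.3.0", "5.3.1", "5.3.2", "5.4.0", "5.4.1", "5.5.0"}
FIXED_VERSIONS = ("5.3.3", "5.4.2", "5.5.1", "5.6.0")


def parse_version(version: str) -> tuple[int, ...]:
    """'5.4.1' -> (5, 4, 1); rejects anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def fix_on_same_line(version: tuple[int, ...]) -> Optional[str]:
    """Return the fixed release that shares the installed major.minor line, if any."""
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == version[:2]:
            return fixed
    return None


def assess_jira_version(installed: str) -> dict:
    """Classify one installed version as affected, fixed, or not covered by the lists."""
    v = parse_version(installed)
    same_line_fix = fix_on_same_line(v)
    latest_fix = max(FIXED_VERSIONS, key=parse_version)

    if installed.strip() in AFFECTED_VERSIONS:
        # Prefer the patched release on the same feature line to limit upgrade risk.
        return {"status": "affected",
                "upgrade_to": same_line_fix or latest_fix,
                "detail": "version is in the advisory's affected list"}
    if same_line_fix is not None and v >= parse_version(same_line_fix):
        return {"status": "fixed",
                "upgrade_to": None,
                "detail": f"at or above fixed release {same_line_fix}"}
    # Older lines (below 5.3) and newer lines (above 5.6) are not mentioned in the
    # summary, so say so rather than guessing either way.
    return {"status": "not listed",
            "upgrade_to": None,
            "detail": "neither in the affected nor the fixed lists; check the vendor advisory"}


def triage_inventory(inventory: dict[str, str]) -> dict[str, dict]:
    """Run the assessment over {hostname: installed_version} and keep the findings."""
    return {host: assess_jira_version(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample_inventory = {
        "jira-prod-01.example": "5.4.1",
        "jira-prod-02.example": "5.5.1",
        "jira-legacy.example": "5.2.0",
    }
    for host, finding in triage_inventory(sample_inventory).items():
        target = f" -> upgrade to {finding['upgrade_to']}" if finding["upgrade_to"] else ""
        print(f"{host}: {finding['status']}{target} ({finding['detail']})")
```

Pointing `triage_inventory` at the version list exported from your asset register gives a per-host list of what to patch first; anything reported as `not listed` still deserves a look at the vendor advisory, since the roundup only names the 5.3 to 5.6 lines.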