#esxiargs — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #esxiargs, aggregated by home.social.
-
😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
Spoiler: elles sont nombreuses.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi -
😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
Spoiler: elles sont nombreuses.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi -
😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
Spoiler: elles sont nombreuses.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi -
😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
Spoiler: elles sont nombreuses.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi -
If you're planning on running a single hosted baremetal ESXi server on the internet and want to avoid being caught by the next ESXiArgs, here’s a quick how-to:
https://infrageeks.com/post/2023-02-22.how-to-safely-run-esxi-on-the-internet/
https://infrageeks.com/post/2023-02-23.how-to-safely-run-esxi-on-the-internet-part-2/
-
If you're planning on running a single hosted baremetal ESXi server on the internet and want to avoid being caught by the next ESXiArgs, here’s a quick how-to:
https://infrageeks.com/post/2023-02-22.how-to-safely-run-esxi-on-the-internet/
https://infrageeks.com/post/2023-02-23.how-to-safely-run-esxi-on-the-internet-part-2/
-
If you're planning on running a single hosted baremetal ESXi server on the internet and want to avoid being caught by the next ESXiArgs, here’s a quick how-to:
https://infrageeks.com/post/2023-02-22.how-to-safely-run-esxi-on-the-internet/
https://infrageeks.com/post/2023-02-23.how-to-safely-run-esxi-on-the-internet-part-2/
-
If you're planning on running a single hosted baremetal ESXi server on the internet and want to avoid being caught by the next ESXiArgs, here’s a quick how-to:
https://infrageeks.com/post/2023-02-22.how-to-safely-run-esxi-on-the-internet/
https://infrageeks.com/post/2023-02-23.how-to-safely-run-esxi-on-the-internet-part-2/
-
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs -
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs -
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs -
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs -
There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption -
There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption -
There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption -
There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption -
There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption -
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
-
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
-
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
-
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
-
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi
-
VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.
Check out the link below for more!
-
VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.
Check out the link below for more!
-
VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.
Check out the link below for more!
-
VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.
Check out the link below for more!
-
VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.
Check out the link below for more!
-
Whether CVE-2021-21974 is the culprit or not, the #ESXiArgs attacks have put a spotlight on hypervisor patching challenges and other issues. https://www.techtarget.com/searchsecurity/news/365530777/Hypervisor-patching-struggles-exacerbate-ESXiArgs-attacks
-
Censys throws cold water on CVE-2021-21974 being the attack method for #esxiargs. "As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running." https://censys.wpengine.com/esxwhy-a-look-at-esxiargs-ransomware/
-
We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
-
We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
-
We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
-
We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
-
We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :
🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
➡️ Encryption of additional data, rendering existing decryption tools ineffective🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.
🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.
-
Nice #GreyNoise article on finding #ESXiArgs attacks as well as stats.
https://www.greynoise.io/blog/exploit-vector-analysis-of-emerging-esxiargs-ransomware -
Nice #GreyNoise article on finding #ESXiArgs attacks as well as stats.
https://www.greynoise.io/blog/exploit-vector-analysis-of-emerging-esxiargs-ransomware -
Nice #GreyNoise article on finding #ESXiArgs attacks as well as stats.
https://www.greynoise.io/blog/exploit-vector-analysis-of-emerging-esxiargs-ransomware -
Nice #GreyNoise article on finding #ESXiArgs attacks as well as stats.
https://www.greynoise.io/blog/exploit-vector-analysis-of-emerging-esxiargs-ransomware -
Nice #GreyNoise article on finding #ESXiArgs attacks as well as stats.
https://www.greynoise.io/blog/exploit-vector-analysis-of-emerging-esxiargs-ransomware -
The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
https://intel471.com/blog/an-analysis-of-the-vmware-esxi-ransomware-blitz #infosec -
The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
https://intel471.com/blog/an-analysis-of-the-vmware-esxi-ransomware-blitz #infosec -
The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
https://intel471.com/blog/an-analysis-of-the-vmware-esxi-ransomware-blitz #infosec -
The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
https://intel471.com/blog/an-analysis-of-the-vmware-esxi-ransomware-blitz #infosec -
The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
https://intel471.com/blog/an-analysis-of-the-vmware-esxi-ransomware-blitz #infosec -
New #ESXiArgs #ransomware version prevents VMware ESXi recovery <-- Via Pythagoras Abrams aka @lawrenceabrams
-
New #ESXiArgs #ransomware version prevents VMware ESXi recovery <-- Via Pythagoras Abrams aka @lawrenceabrams
-
New #ESXiArgs #ransomware version prevents VMware ESXi recovery <-- Via Pythagoras Abrams aka @lawrenceabrams