home.social

#esxiargs — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #esxiargs, aggregated by home.social.

  1. 😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
    Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
    Spoiler: elles sont nombreuses.
    lemagit.fr/conseil/Ce-que-lon-

  2. 😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
    Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
    Spoiler: elles sont nombreuses.
    lemagit.fr/conseil/Ce-que-lon-

  3. 😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
    Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
    Spoiler: elles sont nombreuses.
    lemagit.fr/conseil/Ce-que-lon-

  4. 😬 Vous avez aimé la campagne de #cyberattaques avec le #ransomware dit #ESXiArgs ? Espérons que cela serve de gros coup de tocsin 🔔
    Parce que la menace qui pèse sur les environnements virtualisés ne se limite pas à cet exemple, loin s'en faut. Faisons le point sur les différentes franchises qui s'attaquent à #ESXi. 🔽
    Spoiler: elles sont nombreuses.
    lemagit.fr/conseil/Ce-que-lon-

  5. There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
    #security #cisa #esxiargs #encryption

  6. There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
    #security #cisa #esxiargs #encryption

  7. There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
    #security #cisa #esxiargs #encryption

  8. There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
    #security #cisa #esxiargs #encryption

  9. There is a new ESXIArgs encryption routine that is out now to prevent the decryption from the tool CISA released. Update and get your hypervisors off the internet!
    #security #cisa #esxiargs #encryption

  10. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  11. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  12. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  13. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  14. This week's newsletter is hot off the press, get it here: opalsec.substack.com/p/soc-gou

    The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worst yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

    PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

    Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.

    #RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

    #BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques

    Happy reading, and happy Monday!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

  15. VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

    Check out the link below for more!

    runzero.com/blog/finding-vmwar

    #vmware #esxiargs #ransomware #cybersecurity

  16. VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

    Check out the link below for more!

    runzero.com/blog/finding-vmwar

    #vmware #esxiargs #ransomware #cybersecurity

  17. VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

    Check out the link below for more!

    runzero.com/blog/finding-vmwar

    #vmware #esxiargs #ransomware #cybersecurity

  18. VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

    Check out the link below for more!

    runzero.com/blog/finding-vmwar

    #vmware #esxiargs #ransomware #cybersecurity

  19. VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware affecting a two year old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

    Check out the link below for more!

    runzero.com/blog/finding-vmwar

    #vmware #esxiargs #ransomware #cybersecurity

  20. Whether CVE-2021-21974 is the culprit or not, the #ESXiArgs attacks have put a spotlight on hypervisor patching challenges and other issues. techtarget.com/searchsecurity/

  21. Censys throws cold water on CVE-2021-21974 being the attack method for #esxiargs. "As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running." censys.wpengine.com/esxwhy-a-l

  22. We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :

    🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
    ➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
    ➡️ Encryption of additional data, rendering existing decryption tools ineffective

    🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.

    🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.

    censys.io/esxwhy-a-look-at-esx

    #censys #threatResearch #CTI

  23. We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :

    🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
    ➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
    ➡️ Encryption of additional data, rendering existing decryption tools ineffective

    🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.

    🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.

    censys.io/esxwhy-a-look-at-esx

    #censys #threatResearch #CTI

  24. We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :

    🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
    ➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
    ➡️ Encryption of additional data, rendering existing decryption tools ineffective

    🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.

    🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.

    censys.io/esxwhy-a-look-at-esx

    #censys #threatResearch #CTI

  25. We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :

    🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
    ➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
    ➡️ Encryption of additional data, rendering existing decryption tools ineffective

    🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.

    🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.

    censys.io/esxwhy-a-look-at-esx

    #censys #threatResearch #CTI

  26. We've been tracking the #ESXiArgs #ransomware for the last few days, here's what we've seen so far :

    🔎 We’ve observed a new variant of ESXiArgs emerge over the last 24 hours. Key updates to this version include:
    ➡️ A new ransom note with no #BTC addresses–making it more difficult for researchers to track payments
    ➡️ Encryption of additional data, rendering existing decryption tools ineffective

    🔎 In the last few days, we’ve seen just over 3,800 unique hosts compromised, and 1,800 which are online currently. Over the last 24 hours, just over 900 hosts have upgraded to the latest ransomware variant.

    🔎 As we reported yesterday, OpenSLP does not appear to be the method of attack, given that multiple compromised hosts did not have SLP running.

    censys.io/esxwhy-a-look-at-esx

    #censys #threatResearch #CTI

  27. The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
    intel471.com/blog/an-analysis- #infosec

  28. The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
    intel471.com/blog/an-analysis- #infosec

  29. The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
    intel471.com/blog/an-analysis- #infosec

  30. The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
    intel471.com/blog/an-analysis- #infosec

  31. The #ESXiArgs mass VMware ransomware attack has notable characteristics: 1) It's automated 2) Apparently no exfiltration 3) No leak site by the group 4) Some repeated bitcoin addresses 5) Re-use of Babuk code (with changes) plus more. Some observations from Intel 471. (Caution! This is rapidly moving story, and @BleepingComputer has some of the latest developments)
    intel471.com/blog/an-analysis- #infosec

  32. If you are affected by the recent (and on-going) wave of cryptolocks which attacked #ESXi Servers (aka #ESXiArgs), #CISA has released a recovery script to undo what the miscreants did.

    Please take a look and pass it along

    www-bleepingcomputer-com.cdn.a

  33. If you are affected by the recent (and on-going) wave of cryptolocks which attacked #ESXi Servers (aka #ESXiArgs), #CISA has released a recovery script to undo what the miscreants did.

    Please take a look and pass it along

    www-bleepingcomputer-com.cdn.a

  34. If you are affected by the recent (and on-going) wave of cryptolocks which attacked #ESXi Servers (aka #ESXiArgs), #CISA has released a recovery script to undo what the miscreants did.

    Please take a look and pass it along

    www-bleepingcomputer-com.cdn.a