• Hackers have begun scanning for vulnerable VMware vCenter servers

    From TechnologyDaily@1337:1/100 to All on Thu Sep 23 14:45:03 2021
    Hackers have begun scanning for vulnerable VMware vCenter servers

    Date:
    Thu, 23 Sep 2021 13:34:19 +0000

    Description:
    Threat actors are already looking for vCenter Servers that haven't yet been patched after yesterday's vulnerability disclosure.

    FULL STORY ======================================================================

    In a not entirely unexpected development, threat actors have started looking for internet-exposed VMware vCenter servers whose admins haven't yet patched them against the critical arbitrary file upload vulnerability that was disclosed yesterday.

    The critical security flaw, tracked as CVE-2021-22005, impacts VMware's flagship vCenter Server deployments and could help facilitate remote code execution (RCE) attacks from unauthenticated attackers without requiring user interaction.

    "In this era of ransomware it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible," warned Bob Plankers, Technical Marketing Architect at VMware yesterday as he urged vCenter Server admins to apply the patches without delay.

    It seems the threat actors were more attentive, and it wasn't long until the honeypots of threat intelligence company Bad Packets were scanned by malicious users looking for unpatched vCenter Servers.

    Just a matter of time

    Bad Packets later added that the malicious scans of its honeypots revealed that they were based on the workaround information provided by VMware for customers who couldn't immediately patch their appliances.

    Sharing the development, BleepingComputer points out that this isn't the first time threat actors have taken advantage of admins' laxity in patching their vCenter Servers to scan for and attack them soon after a vulnerability is disclosed.

    In fact, there have been a couple of similar incidents this year alone, first in February (based on CVE-2021-21972), and then in May (based on CVE-2021-21985).

    The only saving grace with CVE-2021-22005, at least for now, is that unlike the previously mentioned vulnerabilities, security researchers haven't yet caught hold of any exploit code that could capitalize on the bug.

    However, since threat actors are actively scanning for vulnerable servers, chances are they already have a working exploit, or one that's close to completion. In either case, the activity should be enough to convince admins to drop everything and patch their exposed vCenter Servers immediately.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-have-begun-scanning-for-vulnerable-vmware-vcenter-servers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)