Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story. [TechWeb]( Follow Dark Reading: [RSS]( February 08, 2023 LATEST SECURITY NEWS & COMMENTARY [Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks]( The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story. [Fresh, Buggy Clop Ransomware Variant Targets Linux Systems]( For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change. ['Money Lover' Finance App Exposes User Data]( A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app. [Backdoor in Dingo Cryptocurrency Allows Creator to Steal (Nearly) Everything]( A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds. [DPRK Using Unpatched Zimbra Devices to Spy on Researchers]( Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers. [New Banking Trojan Targeting 100M Pix Payment Platform Accounts]( New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say. [Optimizing Cybersecurity Investments in a Constrained Spending Environment]( Three ways to stay safe in an economically uncertain 2023. [With TikTok Bans, the Time for Operational Governance Is Now]( Emerging risks and trends need to be monitored, but cybersecurity challenges can be fixed with a focus on the fundamentals. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread]( The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign. [How Cybercriminals Are Operationalizing Money Laundering and What to Do About It]( It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide. [Patching & Passwords Lead the Problem Pack for Cyber-Teams]( Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies. [MORE]( EDITORS' CHOICE [Crypto Drainers Are Ready to Ransack Investor Wallets]( Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors. LATEST FROM THE EDGE [5 Ways to Survive Scam Season — or Rather, Tax Season]( Security pros need to look beyond user education to find and disarm fraudulent actors. LATEST FROM DR TECHNOLOGY [Cloud Apps Still Demand Way More Privileges Than They Use]( Hackers can't steal a credential that doesn't exist. WEBINARS - [The Importance of Bespoke Security]( In this webinar, you will hear from our subject matter experts, Hanah Darley, Head of Threat Research and Toby Lewis, Global Head of Threat Analysis. The discussion will cover the difference between media coverage of cyber threats compared with the ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [DataDome's Inaugural E-Commerce Holiday Bot & Online Fraud Report Reveals the U.S. as the Top Source of Bot Attacks]( [Industrial Cybersecurity Innovator Opscura Receives $9.4M in Series A Funding as Critical Operations Transform]( [Coalfire Compliance Essentials Optimized for Automated Evidence Collection]( [Intel 471 Announces Powerful and Scalable Attack Surface Protection Solution Suite]( [Valtix Survey: 95% of Organizations Say Multi-cloud Is a 'Strategic Priority' but Only 58% Have the Security Architecture to Support It]( [Infosec Launches New Office Comedy Themed Security Awareness Training Series]( [Financial Institutions Are Suffering From Increasingly Sophisticated Cyberattacks, According to Contrast Security]( [ARMO Integrates ChatGPT to Help Users Secure Kubernetes]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)