Tag Archive for: Mass

Hackers are mass infecting servers worldwide by exploiting a patched hole


An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday.

The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardware resources. ESXi is what’s known as a bare-metal, or Type 1, hypervisor, meaning it’s essentially its own operating system that runs directly on server hardware. By contrast, servers running the more familiar Type 2 class of hypervisors, such as VMware’s VirtualBox, run as apps on top of a host operating system. The Type 2 hypervisors then run virtual machines that host their own guest OSes such as Windows, Linux or, less commonly, macOS.

Enter ESXiArgs

Advisories published recently by computer emergency response teams (CERT) in France, Italy, and Austria report a “massive” campaign that began no later than Friday and has gained momentum since then. Citing results of a search on Censys, CERT officials in Austria said that as of Sunday, there were more than 3,200 infected servers, including eight in that country.

“Since ESXi servers provide a large number of systems as virtual machines (VM), a multiple of this number of affected individual systems can be expected,” the officials wrote.

The vulnerability being exploited to infect the servers is CVE-2021-21974, which stems from a heap-based buffer overflow in OpenSLP, an open network-discovery standard that’s incorporated into ESXi. When VMware patched the vulnerability in February 2021, the company warned it could be exploited by a malicious actor with access to the same network segment over port 427. The vulnerability had a severity rating of 8.8 out of a possible 10. Proof-of-concept exploit code and instructions for using it became available a few months later.

Over the weekend, French cloud host OVH said that it doesn’t have the ability to patch the vulnerable servers set up by its customers.

“ESXi OS can only be installed on bare metal servers,” wrote…

Mass VMware ESXi ransomware attacks target CVE-2021-21974


Security researchers are reporting an explosion in the compromise of VMware ESXi hypervisors with over 500 machines hit by ransomware this weekend — with the automated attacks exploiting CVE-2021-21974.

As The Stack published, some 20 ESXi machines were reportedly being ransomed every hour, with Shodan data showing that the majority were hosted by OVHcloud but the blast radius was expanding rapidly.

Customers in France appeared to initially be worst-affected and the country’s CERT-FR was among the first to publish an advisory. The semi-automated attacks may be targeting unpatched and internet-exposed instances using CVE-2021-21974, a VMware ESXi OpenSLP HeapOverflow leading to RCE, CERT-FR suggested.

Whilst VMware’s initial advisory in 2021 for the vulnerability said that it affects ESXi versions 7.0, 6.7 and 6.5, the attacks also appear to be hitting earlier build versions; some debate also continues as to whether CVE-2021-21974 is the sole mechanism by which exploitation is happening.

Admins should ensure unpatched ESXi servers are firewalled, with no ports exposed. VMware’s earlier mitigation for the vulnerability urged users to:

  1. Log in to the ESXi hosts using an SSH session (such as PuTTY).
  2. Stop the SLP service on the ESXi host with this command: /etc/init.d/slpd stop (NB: the SLP service can only be stopped when the service is not in use; users can check the operational state of the SLP daemon with: esxcli system slp stats get).
  3. Run this command to disable the service: esxcli network firewall ruleset set -r CIMSLP -e 0

OVHcloud said February 3: “A wave of attacks is currently targeting ESXi servers. No OVHcloud managed services are impacted by this attack; however, since a lot of customers are using this operating system on their own servers, we provide this post as a reference in support to help them in their remediation.

“For Bare Metal customers using ESXi we strongly recommend in emergency:

  • to deactivate the OpenSLP service on the server or to restrict access to only trusted IP addresses (https://kb.vmware.com/s/article/76372)
  • to upgrade your ESXi to the latest security patch

“In a second time, ensure:

  • your data are backed up (on immutable storage?)
  • only necessary…

Mass. Correction Officer Attacked by Inmate at MCI-Shirley – NBC Boston


Free weights should be removed from maximum and medium security prisons in the Bay State, after a correction officer was “violently assaulted” with gym equipment last week, the Massachusetts Correction Officers Federated Union Executive Board said Tuesday.

Correction Officer Matthew Tidman is on life support after being assaulted by an inmate with a 10-15 pound piece of lead gym equipment last Wednesday at MCI-Shirley, according to the union. The attack was unprovoked, the union said, and happened while the officer was monitoring the gym area. The officer was knocked to the floor, where the inmate allegedly struck him in the head several more times.

The correction officer had to be med flighted to a hospital, after other officers were able to subdue the inmate, the news release said.

The executive board of the union wants the inmate to face prosecution “to the fullest extent of the law to include attempted murder” by the Middlesex District Attorney’s Office, which the union is pushing to conduct a full investigation of the incident alongside Massachusetts State Police.

Additionally, the union’s executive board wants to see an investigation into how “such a violent criminal” was in a medium security prison. Union leaders also want to see free weights removed from medium and maximum security prisons immediately.

MCI-Shirley is a medium and minimum security prison that holds male inmates.

Tidman’s family has released a statement asking for privacy and thanking everyone for the support they’ve received through the ordeal.

“We are so thankful for the attentive and kindhearted hospital staff working day and night to support Matt, as he remains in critical condition fighting for his life,” the statement read, in part.

“Matt’s correctional officer brothers and sisters have shown how they are a united force who supports their own.
Anyone who knows Matt, knows he is a fighter and will never give up. He is the one to always have your back. Aside from being a character that puts a smile on your face, he is a loving son, brother and uncle.”

Mass. Officials Urge Safety in the Water This Summer – NBC Boston


With the unofficial start of summer quickly approaching, the water becomes a big attraction to cool off, and anyone can disappear in a second.

“Very nerve-wracking,” said Natasha Cacciatore, a mom of two. “You hear horror stories every summer, it’s one of my biggest fears.”

Safety around the water is something she thinks about all the time.

“We play by the rules,” she said. “We make sure there’s an adult around at all times when you go near the water.”

But every summer, perfect beach days too often become tragic, with many drownings taking place in pools, ponds, lakes and the ocean.

In Massachusetts, there were more than 50 drownings in 2021.

“Be a good partner,” said Jeanne Benincasa Thorpe, the state’s undersecretary for homeland security at the Executive Office of Public Safety and Security. “Good steward to those folks who are around you, whether they’re yours or not, we’re all mothers and parents, and I understand that sometimes we lose track, if we see something, say something.”

State officials are reminding people to swim in designated areas only, not to swim alone, and to speak up the moment someone may be missing.

Sixteen DCR beaches will be opening up on Saturday with lifeguards on the weekends.

More beaches will open up in the weeks ahead with lifeguards seven days a week.

“We’re excited to invite the public to come out to our waterfronts,” said Stephanie Cooper, acting commissioner of the Massachusetts Department of Conservation and Recreation. “And if people follow the rules, follow the advice, they’ll be safe.”
