VMware ESXi hypervisor vulnerability grants full admin privileges
- by nlqip
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor.
The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, after they gained access to a network, to deploy ransomware.
“While there are worse things that could happen in the weeks leading up to your marquee customer and partner event, a vulnerability announcement based on an exploit that was actually seen in the wild, well, that’s certainly up there,” observed John Annand, research practice lead at Info-Tech Research Group. “So, Broadcom, and Microsoft for that matter, are yet again forced to spend more time and effort on reassuring rather than inspiring customers.”
Source link
lol
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor. The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such…
Recent Posts
- Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
- Healthcare Ransomware Attacks: How to Prevent and Respond Effectively | BlackFog
- Black Friday Versus The Bots
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs
- Chinese hackers target Linux with new WolfsBane malware