Ransomware operators exploit simple flaw in VMware ESXi to launch attacks

Now-patched bug allowed attackers to circumvent Microsoft AD authentication checks

John Leonard
clock • 2 min read
Ransomware operators exploit simple flaw in VMware ESXi to launch attacks
Image:

Ransomware operators exploit simple flaw in VMware ESXi to launch attacks

A number of ransomware groups have been observed exploiting a vulnerability in vSphere ESXi, VMware's bare metal hypervisor.

Bizarrely, the attack was as simple as creating a Microsoft Active Directory (AD) group called "ESX Admins", which was allowed for users with limited domain-level permissions. Adding users to that ...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
CMA clears Microsoft's deal with Inflection AI

Legislation and Regulation

CMA clears Microsoft's deal with Inflection AI

But still calls it a merger

clock 05 September 2024 • 3 min read
British Library issues £400,000 tender to rebuild after cyberattack

Strategy

British Library issues £400,000 tender to rebuild after cyberattack

Library still working to recover data, almost one year on

clock 27 August 2024 • 2 min read
Controversial Microsoft Recall gets October release date

Office Software

Controversial Microsoft Recall gets October release date

'Security continues to be our top priority,' says Microsoft

clock 23 August 2024 • 2 min read
John Leonard
Author spotlight

John Leonard

View profile
More from John Leonard

UK and allies reveal methodology of Russian GRU threat actor Unit 29155

Elastic returns to the open source fold

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Threats and Risks

UK and allies reveal methodology of Russian GRU threat actor Unit 29155
Threats and Risks

UK and allies reveal methodology of Russian GRU threat actor Unit 29155

Group has targeted organisations including governments and critical infrastructure providers for espionage purposes

John Leonard
John Leonard
clock 06 September 2024 • 2 min read
Veeam patches critical flaws, urges users to update
Threats and Risks

Veeam patches critical flaws, urges users to update

The most concerning glitch affects VBR software

Dev Kundaliya
clock 06 September 2024 • 2 min read
Researchers ID security risks in GenAI development platforms
Threats and Risks

Researchers ID security risks in GenAI development platforms

Exposes sensitive company data

Dev Kundaliya
clock 29 August 2024 • 2 min read