23 September 2021

Hackers are on the hunt for vulnerable VMware vCenter servers

Threat actors are actively scanning the internet in search of VMware vCenter servers vulnerable to a critical arbitrary file upload vulnerability that could lead to remote code execution.

The flaw, tracked as CVE-2021-22005, exists due to insufficient validation of uploaded files in the Analytics service. A remote, unauthenticated attacker with network access to port 443/TCP can upload and execute an arbitrary file on the server. CVE-2021-22005 affects any version of vCenter Server 7.0 and vCenter Server 6.7 deployed as the Virtual Appliance (i.e. vCenter Server 6.7 running on Windows is not affected).

According to Bad Packets, the infosec company that first reported the ongoing scanning activity, “CVE-2021-22005 scanning activity detected from 116[.]48.233.234”. In another message on Twitter the company added that the scans are based on the workaround VMware provided to customers who could not immediately update their appliances.
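Defenders who cannot patch immediately will want to know whether their appliance has already been probed. The script below is an added example, not code from the article, from VMware or from Bad Packets: it runs over web-server access-log lines and flags requests that either come from the scanner address quoted above or are unauthenticated POSTs aimed at the Analytics service. The combined-log format, the `/analytics/` path prefix used to recognise the Analytics service, and the sample log lines are all constructed assumptions; check VMware's advisory for the real endpoint before relying on the prefix.

```python
"""Flag access-log lines that look like CVE-2021-22005 probing.

Added example (not from the article or from VMware). Assumptions:
  * input is in the Apache "combined" access-log format (constructed sample below);
  * the Analytics service lives under a path beginning with /analytics/ (assumed
    placeholder for the real endpoint);
  * the scanner address is the one Bad Packets reported, quoted in the article.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Reported by Bad Packets (article above); extend with your own threat-intel feed.
SCANNER_IPS = {"116.48.233.234"}

# Assumption: URL prefix that reaches the vulnerable Analytics service.
ANALYTICS_PREFIX = "/analytics/"

# Apache combined-log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    reasons: Tuple[str, ...]


def classify(line: str) -> Optional[Hit]:
    """Return a Hit when the line matches a probing heuristic, else None.

    Lines that do not parse are skipped rather than raising, so a single
    malformed record cannot abort a sweep over a large log.
    """
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, method, path = m["ip"], m["method"], m["path"]
    reasons = []
    if ip in SCANNER_IPS:
        reasons.append("known-scanner-ip")
    # The flaw needs no credentials, so any POST into the Analytics service from
    # a source that should not be talking to it is worth a look.
    if method == "POST" and path.startswith(ANALYTICS_PREFIX):
        reasons.append("post-to-analytics-service")
    if not reasons:
        return None
    return Hit(ip, m["ts"], method, path, int(m["status"]), tuple(reasons))


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run classify() over every line and keep the hits in log order."""
    return [h for h in (classify(ln) for ln in lines) if h is not None]


# Constructed sample log: one benign GET, one benign POST, one malformed line,
# one GET from the reported scanner, one POST to the Analytics path from an
# unknown host, and one POST to the Analytics path from the scanner itself.
SAMPLE_LOG = [
    '203.0.113.10 - - [23/Sep/2021:10:01:02 +0000] "GET /ui/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [23/Sep/2021:10:03:10 +0000] "POST /ui/login HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    'this line is not an access-log record',
    '116.48.233.234 - - [23/Sep/2021:10:05:44 +0000] "GET /analytics/ HTTP/1.1" 404 0 "-" "python-requests/2.26"',
    '198.51.100.7 - - [23/Sep/2021:10:07:19 +0000] "POST /analytics/upload HTTP/1.1" 201 0 "-" "curl/7.79"',
    '116.48.233.234 - - [23/Sep/2021:10:09:01 +0000] "POST /analytics/upload HTTP/1.1" 201 0 "-" "python-requests/2.26"',
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.ip} {hit.method} {hit.path} -> {hit.status} [{', '.join(hit.reasons)}]")
```

On a real appliance point `scan()` at the reverse-proxy access log and, if the Analytics service is exposed on a different path, change `ANALYTICS_PREFIX` accordingly; a hit on `post-to-analytics-service` from an address that is not a legitimate vCenter client is the one to escalate.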

Earlier this month, multiple security researchers warned that hackers are actively scanning the internet for unprotected Azure Linux-based servers vulnerable to the recently patched OMIGOD flaw in order to deploy cryptomining software or ensnare them into a DDoS botnet.
