Hackers Hit Thousands of Computers

Thousands of computer servers around the world have been targeted by a ransomware hacking attack targeting VMware ESXi servers, Italy’s National Security Agency  (ACN) said, warning organisations to take action to protect their vulnerable systems.

This attack targets unpatched VMare servers and organisations in several countries including Canada, France, US, Finland as well as Italy. ACN director general Roberto Baldoni said that the hacking attack sought to exploit a software vulnerability, adding it was on a massive scale.

VMare has said that it first issued patches in 2021 when it became aware of the threat and is urging customers to use the patches. "Security hygiene is a key component of preventing ransom attacks, and customers who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the two-year-old patch, should take action as directed in the advisory," a representative from VMware said.

Any organisations that were targeted could become locked out of their systems because of the ransomware. Since the first alert this week the ACN been joined by the US national cybersecurity agency, CISA, which has moved swiftly to release a recovery script for organizations that have fallen victim.

CISA:    Reuters:     Bloomberg:      Yahoo.   ITNews:     Livemint:  

You Might Also Read:

Missing Patches Place Security At Risk:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Linux Malware Rates Reach Record Highs
Human Error Is A Hacker's Dream »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bulb Security

Bulb Security

Whether your internal red team or penetration testing team needs training, or you lack internal resources and need an outsourced penetration test, Bulb Security can help.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

SafeCipher

SafeCipher

At SafeCipher, we pride ourselves on being your single vendor-neutral resource for navigating the complexities of cryptographic data encryption.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Dataminr

Dataminr

Dataminr Pulse helps organizations strengthen business resilience with AI-powered, real-time risk and event discovery—and the integrated tools to manage responses.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

Sorenson Capital

Sorenson Capital

Sorenson Capital is a leading venture capital firm focused on investing in early and growth-stage AI, cybersecurity, B2B software, and DevOps & infrastructure companies.

Kloke

Kloke

Kloke specializes in data protection solutions, focusing on securing information over locations.