vmware (3)

12558099855?profile=RESIZE_400xGregg Lowe is feeling thoroughly happy about his technology buying decisions.  A couple of years back, the CIO of Boyd Gaming, operator of 28 hotel and casino properties across the US states, was hip-deep in negotiations for a fresh enterprise agreement with VMware prior to its acquisition by Broadcom.  Nutanix, which offers its own AHV hypervisor for free with its stack, was also present within the company, meaning Boyd could be paying for hypervisors it didn't need.  So the company decided to

10960040875?profile=RESIZE_400xOur friends at the State of NJ, NJCCIC has provided a valuable alert - Vulnerable VMware ESXi Servers Targeted in Ransomware Attacks.  

Ransomware groups are actively exploiting a 2-year-old heap-overflow vulnerability, CVE-2021-21974 (CVSS v3.1 8.8), affecting OpenSLP used in VMware ESXi servers for versions 6.x and prior to 6.7, though threat actors may be leveraging other vulnerabilities or attack vectors, as earlier builds of ESXi appear to have also been compromised.  European cybersecurity

8627829869?profile=RESIZE_400xRecent reporting by CrowdStrike indicates that two productive cybercrime threat groups, Carbon Spider (CS) and Sprite Spider (SS) are spreading hate and discontent against VMware’s ESXi.

ESXi is a Type-1 hypervisor (also known as a “bare-metal” hypervisor) developed by VMware.  A hypervisor is software that runs and manages virtual machines (VMs).  In contrast to Type-2 hypervisors that run on a conventional host operating system, a Type-1 hypervisor runs directly on a dedicated host’s hardware.