What’s known about the ESXiArgs ransomware hitting VMware servers

An initial strain affected thousands of devices before a new variant emerged. The latest burst of attacks hit Saturday.

By Matt Kapko • Feb. 15, 2023

VMware ransomware was on the rise leading up to ESXiArgs spree, research finds

Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.

By Matt Kapko • Feb. 13, 2023

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

VMware ransomware evolves to evade data recovery, reinfects servers

The new ESXiArgs strain has reinfected more than 1,150 VMware servers and represents more than 4 in 5 live infections, according to open-source ransomware data.

By Matt Kapko • Feb. 10, 2023

Unsophisticated ransomware campaign targeting VMware ripe for copycats

Ransomware doesn’t typically hit thousands of potential victims at once. “All of it’s very strange,” one security researcher said.

By Matt Kapko • Feb. 8, 2023

Ransomware attack spree hits thousands of VMware servers

Cyber authorities linked the attacks, dubbed ESXiArgs, to a two-year-old VMware vulnerability. At least 2,250 machines have been compromised.

By Matt Kapko • Feb. 6, 2023

Hive takedown puts ‘small dent’ in ransomware problem

Successful law enforcement actions against ransomware can only do so much. The threat is omnipresent, lucrative and largely in the shadows.

By Matt Kapko • Feb. 6, 2023

T-Mobile CEO spins recent breach, says its cybersecurity chops ‘showed up’

“Our systems and policies protected the most sensitive kinds of customer data,” Mike Sievert said on an earnings call. “We take this issue very seriously.”

By Matt Kapko • Feb. 1, 2023

GitHub resets code signing certificates following breach

The incident closely follows a series of indirect source code repository breaches impacting Slack and Okta.

By Matt Kapko • Feb. 1, 2023

Exchange Server under pressure as opportunistic actors step up attacks

Bitdefender Labs warns threat actors are using the ProxyNotShell/OWASSRF exploit chains to launch attacks.

By David Jones • Jan. 25, 2023

Breach hits GoTo, the parent company of LastPass

Damage caused by a cyberattack on a shared cloud storage service is adding to the fallout for both companies.

By Matt Kapko • Jan. 24, 2023

Los Angeles school system shifts timeline of ransomware attack

Post-breach investigations are complex. The timeline and scope of damage inflicted often change as investigations unfold.

By Matt Kapko • Jan. 24, 2023

Experts question T-Mobile’s security culture as breach cycle churns

The gap between the threat actor’s intrusion and T-Mobile’s detection underscores multiple unresolved challenges.

By Matt Kapko • Jan. 20, 2023

T-Mobile breached again, 37M customer accounts exposed

The incident marks the latest in a series of data breaches, the worst of which occurred in August 2021 and exposed the data of at least 76.6 million people.

By Matt Kapko • Jan. 19, 2023

PayPal warns 35,000 customers of exposure following credential stuffing attack

Impacted customers were notified of the incident nearly a month after it was discovered. It’s unclear where or how customer account credentials were obtained.

By Matt Kapko • Jan. 19, 2023

World Economic Forum officials warn global instability could lead to catastrophic cyber event

A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

By David Jones • Jan. 19, 2023

Mailchimp hit by second cyberattack in 6 months, 133 customers impacted

The social engineering incident is similar to an August cyberattack that targeted customers in the crypto industry.

By David Jones • Jan. 19, 2023

CircleCI probe links malware placed on engineer’s laptop to larger breach

An unauthorized actor, after stealing a valid SSO session, was able to exfiltrate data, including customer environment variables, tokens and keys.

By David Jones • Jan. 13, 2023

Citrix flaw exploited in ransomware attack against small US business

Threat actors linked to ransomware group Royal are actively exploiting a vulnerability in two Citrix products, researchers found.

By David Jones • Jan. 13, 2023

CircleCI working with AWS to identify, revoke keys impacted by security incident

The company assured customers there is no indication that AWS accounts were accessed. CircleCI has scheduled an incident report for Jan. 17.

By David Jones • Jan. 12, 2023

Ransomware attack exposes California transit giant’s sensitive data

Vice Society, a prolific ransomware group, leaked data it claims to have stolen from San Francisco’s Bay Area Rapid Transit.

By Matt Kapko • Jan. 10, 2023

FCC revives push to speed up telecom incident disclosures

Telecom operators are a primary target for threat actors. A change to breach reporting rules is long overdue, one analyst said.

By Matt Kapko • Jan. 10, 2023

Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

The cloud services firm said an investigation found no evidence the attackers read, misused or disseminated customer data or emails.

By David Jones • Jan. 6, 2023

Slack employee tokens stolen, GitHub repository breached

The firm said the threat actor downloaded private code repositories, but none had customer data or the company’s code base.   

By David Jones • Jan. 5, 2023

Freight company Wabtec discloses June cyberattack impacting US, overseas operations

The Pittsburgh-based company began notifications in late December, months after stolen data posted on a LockBit site.

By David Jones • Jan. 4, 2023

Ransomware hit US schools at steady rate in 2022

The true numbers are likely much greater. Not all incidents are publicly disclosed or claimed as such by threat actors on the dark web.

By Matt Kapko • Jan. 4, 2023