Ransomware solution for VMware ESX

Updated February 8, 2023.

CISA has released a data recovery script dubbed “ESXiArgs-Recover” to help users affected by the massive worldwide ESXiArgs ransomware attacks on VMware’s vSphere servers. The script is available on GitHub.

The hacker group used a method that we encountered for the first time: a super-intelligence who thinks they can get paid just by encrypting the config files instead of the VMDK disks where the data is kept. There is currently an encryption campaign targeting ESXi servers through Service Location Protocol vulnerabilities, which allow access to data on host systems. Many people reported that they were able to solve their problems with the method below.


Important Vulnerability in VMware ESXi

There is currently an encryption campaign targeting ESXi servers up to version 7.x via the CVE-2022-31696 vulnerability, which allows access to data on host systems.


Enterprise Cybersecurity challenges in 2023

In 2022, many new ransomware variants and groups (Ransomware as a Service) targeted several major organizations and enterprises. New techniques (new features introduced by the notorious “LockBit” group, and a newcomer, “Play”, that employs self-propagation techniques) and groups emerged as targeted ransomware attacks doubled in 2022. Today’s organizations, no matter their size, consist of many digital assets that power and enable businesses. These assets, including websites, information, data, and other forms of online presence, have become the fuel of modern businesses. And they all need to be protected.


Kerberos Authentication with Veeam v12

In v11, NTLM authentication is still mandatory for communication between all Veeam backup infrastructure servers (backup server, backup proxies, backup repositories, guest interaction proxies, log shipping servers, and mount servers). NTLM was subject to several known security vulnerabilities related to password hashing and salting. Kerberos-only authentication will be supported with Veeam Backup & Replication version 12. Veeam B&R v12 will also allow using gMSA accounts for application-aware processing. These two new features should help you get better security for all service accounts.


Critical Fortigate VPN SSL Vulnerability – CVE-2022-42475

Updated on Tuesday, December 13 – Affected versions.

Critical VPN SSL Vulnerability (FortiOS): Fortinet has just announced a critical vulnerability in all versions. These are vulnerabilities that can be easily exploited remotely to compromise the firewall, or where remote code execution is considered likely in common situations. The attack manipulates the dynamic resources of some processes, with the goal of diverting their normal operation. The impact would be the execution of arbitrary or unauthorized code or commands.
