

Rewterz Threat Alert – FormBook Malware – Active IOCs
September 27, 2021
Rewterz Threat Advisory – CVE-2021-31606 – OpenVPN Monitor Vulnerability
September 28, 2021
Severity
High
Analysis Summary
Active exploitation of unpatched VMware vCenter servers has been detected. Different IPs have been found. The vulnerability affects machines running vCenter Server versions 6.7 and 7.0. VMware urges administrators to act immediately under the assumption that an adversary is already on the network, ready to take advantage.
CVE-2021-22005
VMware vCenter Server and Cloud Foundation could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the Analytics service. A remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
Impact
- Remote Code Execution
- Unauthorized Access
Indicators of Compromise
IP
- 199.249.230.154
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches.