Latest news with #VMwareESXi


Forbes
17-05-2025
- Forbes
VMware Hacked As $150,000 Zero-Day Exploit Dropped
Pwn2Own hackers use $150,000 exploit on VMware ESXi.

The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having already made the headlines with no less than three zero-days compromising Windows 11 on day one of the hacking competition, day two kept the security surprises well and truly coming. Here's what you need to know.

Organizations have had a lot to digest regarding enterprise technology security issues over the last few weeks. What with the U.S. Cybersecurity and Infrastructure Security Agency urging them to ensure they are protected against a high-severity Chrome vulnerability already being exploited in the wild, HTTPBot attackers targeting business Windows networks, and Microsoft confirming a critical 10/10 cloud security vulnerability.

You might think that the news of VMware ESXi being hacked using a $150,000 zero-day exploit is the icing on the security nightmare cake, but you couldn't be more wrong. Context is everything, and the context here is the environment in which that zero-day was dropped.

Pwn2Own is a twice-yearly hackathon where some of the world's leading hackers come together in friendly competition to see who can hack products and services, within strict time limits, using never-before-seen zero-day exploits, and earn the title Master of PWN. The good news is that this is all above board and legal. Remember that hacking is not a crime, folks, and the products and services being hacked have been submitted by the vendors for the purposes of discovering vulnerabilities before cybercriminals do.

In the case of the VMware ESXi zero-day exploit, this was the first time in Pwn2Own's history, stretching back to 2007, that the hypervisor has been successfully exploited. The hacker behind the achievement, Nguyen Hoang Thach, who is part of the STARLabs SG team, was able to deploy a single integer overflow exploit. This earned them a not-too-shabby reward of $150,000 on the spot, as well as 15 valuable points towards the coveted Master of PWN title.

I have reached out to Broadcom for a statement regarding the VMware ESXi zero-day at Pwn2Own, and will update this article should one be available.


Tom's Guide
13-05-2025
- Business
- Tom's Guide
M&S customer data was stolen in last month's cyberattack — how to stay safe
The Marks and Spencer (M&S) cyberattack that occurred last month on April 22, 2025 managed to use Scattered Spider social engineering tactics to breach the network, encrypt VMware ESXi virtual machines on the company's servers and then impact business operations for the retailer's 1,400 stores so severely that the company had to stop accepting online orders.

Now, M&S confirms that customer data was also stolen in the cyberattack. Specifically: full names, email addresses, home addresses, phone numbers, dates of birth, online order history, household information, Sparks Pay reference numbers and 'masked' payment card details.

BleepingComputer was the first to report that DragonForce ransomware affiliates were responsible for the attacks. Since the breach, M&S has been conducting an investigation, which revealed the theft of customer data and sensitive personal information. Despite that, the M&S CEO, via a letter on the company's Facebook page, has said there is no need for customers to take any action. The letter also states there is no evidence that the stolen data has been shared, and there is no evidence that any usable card or payment details were taken. The company said customers have been written to in order to inform them of the details.

While all customers with active M&S accounts will be prompted to reset their passwords the next time they attempt to log in using either the website or the app, it's always a good idea to reset a password after a data breach. You can also sign up for one of the best password managers to make sure your passwords are better protected and easy to change as well.

Also, an M&S spokesperson warned BleepingComputer that customers might receive emails, calls or texts claiming to be from M&S or asking for personal information like usernames and passwords. M&S customers should be particularly on guard against these types of phishing attempts and should never give out personal information to anyone claiming to be from the company.

For added protection, you should also check out some of the best identity theft services, which will help protect you against anything that could go wrong, like having your identity stolen or losing money to fraud after your data is stolen in a breach.


Express Tribune
30-04-2025
- Business
- Express Tribune
M&S cyberattack by Scattered Spider halts online orders, disrupts operations
Marks & Spencer (M&S), the UK retail giant, has suffered a major cybersecurity breach attributed to the notorious 'Scattered Spider' ransomware group, leading to widespread operational disruptions. The cyberattack, confirmed last week, has forced M&S to suspend all online orders across its UK, Ireland, and some international platforms. The breach has also disrupted contactless payments, gift card transactions, and click & collect services.

According to sources, the attack began in February when hackers stole sensitive credentials by extracting the file, the core of Microsoft Active Directory. This allowed lateral movement across the network. On April 24, the attackers deployed the DragonForce ransomware, targeting M&S's VMware ESXi infrastructure, effectively crippling virtual machines and backend systems.

M&S has enlisted the help of cybersecurity firms including CrowdStrike, Microsoft, and Fenix24 to manage the breach and recover operations. Though the company has remained tight-lipped on technical details, industry experts identify Scattered Spider—also known as Octo Tempest and UNC3944—as the likely perpetrators. The group is known for sophisticated social engineering, phishing, MFA bombing, and SIM swapping techniques.

Analysts warn that M&S's brand reputation has taken a hit. With roughly one-third of its UK clothing and home goods sales occurring online, the timing—coinciding with seasonal shopping surges—could translate into lost market share. While contactless payments have resumed and some click & collect services are functional, many customers remain frustrated by ongoing issues and lack of clear updates.

Despite the setback, retail experts believe M&S's quick acknowledgment and active response may limit long-term damage. However, cybersecurity professionals caution that the evolving tactics of ransomware groups like Scattered Spider underscore the urgent need for stronger digital defenses across all sectors.