I just read about an attack that targets VMware ESXi hypervisors DIRECTLY.
It owns the system due to some pretty dangerous vulnerabilities and then
runs a Python script to encrypt the entire datastores. Would you have
thought that impossible as well? Just because nobody has come forward with
a horror story, doesn't mean that it cannot be done. Having PASE and now
the entire open source utilities in the i means opening up to a lot more
vulnerabilities and attack vectors. If you have Python, for example,
something like this might happen if the user has enough privileges. Are
there privesc affecting PASE or the other utilities that run in PASE? Can
they obtain any privilege that would let them encrypt or trash system files?
Once you start down that rabbit hole, it seems like the hole never ends.
The low-hanging fruit has already been said by Steve but I would add:
Disable any service not required or used. The smaller the possible attack
surface, the better.
Roberto
On Tue, 19 Jan 2021 at 16:23, Patrik Schindler <poc@xxxxxxxxxx> wrote:
Hello Larry,
On 19.01.2021 at 19:45, Ketzes, Larry <lketzes@xxxxxxxxxxx> wrote:
I'd like to know what strategy folks are using for ransomware on Power.
There is no such thing as Ransomware on Power, this seems to be a common
misconception. As soon as you’re offering Windows Shares, Ransomware
running on Windows machines can happily encrypt the content.
:wq! PoC
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list