VMware Patches ESXi Vulnerability That Earned Hacker $200,000

oodaloop | December 09, 2019

On Thursday, VMware informed customers that it had released updated software patching a critical remote code execution vulnerability in ESXi, which was exposed at China’s Tianfu Cup hacking competition earlier this month. The exploit, which took only 24 seconds to execute and earned the hacking team a total of $200,000, involved the hacker demonstrating control of the host operating system. The hacker, a member of the team 360Vulcan, received the highest single payout of the event. VMware employees attended the event and were therefore provided with details of the exploit after the demonstration, which took place less than a month ago. The vulnerability affects ESXi versions 6.0, 6.5, and 6.7 running on any platform.
