{"id":424634,"date":"2022-10-21T18:04:45","date_gmt":"2022-10-21T20:04:45","guid":{"rendered":"https:\/\/teknomers.com\/fr\/plusieurs-campagnes-exploitent-la-vulnerabilite-de-vmware-pour-deployer-des-crypto-mineurs-et-des-ransomwares\/"},"modified":"2022-10-21T18:04:47","modified_gmt":"2022-10-21T20:04:47","slug":"plusieurs-campagnes-exploitent-la-vulnerabilite-de-vmware-pour-deployer-des-crypto-mineurs-et-des-ransomwares","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/plusieurs-campagnes-exploitent-la-vulnerabilite-de-vmware-pour-deployer-des-crypto-mineurs-et-des-ransomwares\/","title":{"rendered":"Plusieurs campagnes exploitent la vuln\u00e9rabilit\u00e9 de VMware pour d\u00e9ployer des crypto-mineurs et des ransomwares"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Une vuln\u00e9rabilit\u00e9 d\u00e9sormais corrig\u00e9e dans VMware Workspace ONE Access a \u00e9t\u00e9 observ\u00e9e en train d&#8217;\u00eatre exploit\u00e9e pour fournir \u00e0 la fois des mineurs de crypto-monnaie et des ransomwares sur les machines concern\u00e9es.<\/p>\n<p>&#8220;L&#8217;attaquant a l&#8217;intention d&#8217;utiliser autant que possible les ressources d&#8217;une victime, non seulement pour installer RAR1Ransom \u00e0 des fins d&#8217;extorsion, mais \u00e9galement pour diffuser GuardMiner afin de collecter de la crypto-monnaie&#8221;, a d\u00e9clar\u00e9 Cara Lin, chercheuse chez Fortinet FortiGuard Labs. <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/multiple-malware-campaigns-target-vmware-vulnerability\" target=\"_blank\">a dit<\/a> dans un rapport jeudi.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>Le probl\u00e8me, identifi\u00e9 comme CVE-2022-22954 (score CVSS\u00a0: 9,8), concerne une vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code \u00e0 distance qui d\u00e9coule d&#8217;un cas d&#8217;injection de mod\u00e8le c\u00f4t\u00e9 serveur.<\/p>\n<p>Bien que la lacune ait \u00e9t\u00e9 corrig\u00e9e par le fournisseur de services de virtualisation en avril 2022, elle fait depuis l&#8217;objet d&#8217;une exploitation active dans la nature.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"368\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/10\/1666382685_590_Plusieurs-campagnes-exploitent-la-vulnerabilite-de-VMware-pour-deployer-des.jpg\" \/><\/div>\n<p>Fortinet a d\u00e9clar\u00e9 avoir observ\u00e9 en ao\u00fbt 2022 des attaques visant \u00e0 militariser la faille pour d\u00e9ployer le botnet Mirai sur des appareils Linux ainsi que le RAR1Ransom et <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortinet.com\/fortiguard\/threat-and-incident-notifications\" target=\"_blank\">GardeMiner<\/a>une variante du mineur XMRig Monero.<\/p>\n<p>L&#8217;\u00e9chantillon Mirai est extrait d&#8217;un serveur distant et est con\u00e7u pour lancer des attaques par d\u00e9ni de service (DoS) et par force brute visant des appareils IoT bien connus en utilisant une liste d&#8217;informations d&#8217;identification par d\u00e9faut.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>La distribution de RAR1Ransom et GuardMiner, en revanche, est r\u00e9alis\u00e9e au moyen d&#8217;un PowerShell ou d&#8217;un script shell en fonction du syst\u00e8me d&#8217;exploitation.  RAR1ransom est \u00e9galement remarquable pour tirer parti de l&#8217;utilitaire WinRAR l\u00e9gitime pour lancer le processus de cryptage.<\/p>\n<p>Les r\u00e9sultats sont un autre rappel que les campagnes de logiciels malveillants continuent d&#8217;exploiter activement les failles r\u00e9cemment r\u00e9v\u00e9l\u00e9es pour s&#8217;introduire dans des syst\u00e8mes non corrig\u00e9s, ce qui rend essentiel que les utilisateurs accordent la priorit\u00e9 \u00e0 l&#8217;application des mises \u00e0 jour de s\u00e9curit\u00e9 n\u00e9cessaires pour att\u00e9nuer ces menaces.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/multiple-campaigns-exploit-vmware.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Une vuln\u00e9rabilit\u00e9 d\u00e9sormais corrig\u00e9e dans VMware Workspace ONE Access a \u00e9t\u00e9 observ\u00e9e en train d&#8217;\u00eatre exploit\u00e9e pour fournir \u00e0 la fois des mineurs de crypto-monnaie et des ransomwares sur les machines concern\u00e9es. &#8220;L&#8217;attaquant a l&#8217;intention d&#8217;utiliser autant que possible les ressources d&#8217;une victime, non seulement pour installer RAR1Ransom \u00e0 des fins d&#8217;extorsion, mais \u00e9galement pour [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":424635,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[24472,4168,79695,4158,4165,4161,9886,133,8736,4157,4159,4171,4170,4167,4160,4163,4162,701,185,63091,4172,4169,4166,34910,3667,4164],"class_list":["post-424634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-campagnes","tag-comment-pirater","tag-cryptomineurs","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-deployer","tag-des","tag-exploitent","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-plusieurs","tag-pour","tag-ransomwares","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/424634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=424634"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/424634\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/424635"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=424634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=424634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=424634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}