The attack campaigns appear to be exploiting CVE-2021-21974 for which a patch has been available since February 23, 2021. Systems running ESXi versions 7.0, 6.7 and 6.5 are currently being targeted and pose the greatest threat.
The attacks that exploited the Log4J vulnerability illustrated that malicious actors work quickly to find new ways of compromising organizations. This trend has been growing for several years, making it clear that organizations need to detect and respond to threats much faster than traditional, perimeter-based approaches allow. That’s why both the government and the private sectors have been embracing the paradigm shift to Zero Trust security.
BigFix's FOCUS concepts provide a guide about how your organization strategizes about how cybersecurity and empowers you to find and implement controls that balance the needs of business and security simultaneously.
The OpenSSL V3 Vulnerabilities project announced details of vulnerabilities that exist in versions of the OpenSSL software versions earlier than version 3.0.7. They have released OpenSSL Version 3.0.7 to address these security vulnerabilities. BigFix can address and speed vulnerability remediation.