A zip attachment contains an img with an exe: the malware. The other, a pdf that downloads a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybersecurity, VMware released updates to solve many vulnerabilities
VMware released updates to solve many vulnerabilities. The riskiest was CVE-2021-21972
VMware has released security updates to address multiple vulnerabilities (CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974) in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of them to take control of an affected system. The updates were announced by the US Cybersecurity & Infrastructure Security Agency (CISA). The riskiest was CVE-2021-21972. It was caused by gaps in the validation of user input by the vROps plugin in the VMware vCenter Server web application, through which an unauthenticated remote attacker able to reach vCenter services on the HTTP/HTTPS ports could execute arbitrary code on the target system, thereby accessing the data center infrastructure management systems.