Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.
https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/
VMware Warns of Ransomware-Friendly Bug in vCenter Server
-
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.
https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/