Security News

VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool. According to VMware, a malicious actor that has network access to port 5989 on ESXi may send a specially crafted request to bypass SFCB authentication.

"REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices," Caspi wrote. In a nod to research by AdvIntel in early May 2021, which reported REvil's intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May "Affecting *nix systems and ESXi.".

The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. With the enterprise moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass encrypt storage used by VMs. In May, Advanced Intel's Yelisey Boguslavskiy shared a forum post from the REvil operation where they confirmed that they had released a Linux version of their encryptor that could also work on NAS devices.

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China's Tianfu Cup hacking competition. 360 ESG Vulnerability Research Institute is the only team to run the entry on VMware ESXi today.

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation. One of the security bugs, with a critical severity rating and tracked as CVE-2020-4004, allows attackers with local administrative privileges on a virtual machine to abuse a use-after-free vulnerability in the XHCI USB controller of VMware ESXi, Workstation, and Fusion.

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes. Vulnerabilities in ESXi hypervisor exploited during a hacking competition.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. In it, he noted [PDF] that in three years, the optimal cost per component on a chip had dropped by a factor of 10, while the optimal number had increased by the same factor, from 10 to 100.

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. "Updated patch versions in the response matrix of section 3a after release of ESXi patches that completed the incomplete fix for CVE-2020-3992 on 2020-11-04," said Oracle's updated advisory.

VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.