Security News

VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows - a product used by IT and help desk staff to remotely take over and manage employees' devices. A miscreant able to reach a Workspace ONE Assist deployment, either over the internet or on the network, can exploit any of these three bugs to obtain administrative access without the need to authenticate.

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin. Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to help desk and IT staff remotely access and troubleshoot devices in real time from the Workspace ONE console.

VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments. The flaw is in the XStream open-source library used by Cloud Foundation and has an almost maximum CVSSv3 base score of 9.8/10 assigned by VMware.

highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals.

To find out how a shift in working styles impacts companies' security posture, NinjaOne surveyed 400 employees in regulated industries. The accompanying report, Hybrid Work in 2022: How IT is Managing the New Challenges of a Flexible Work Environment, highlights that many organizations are still too cavalier when managing technology that enables hybrid work.

Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide.

Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update. Installing the Windows 11 22H2 feature update will cause Remote Desktop clients not to connect, randomly disconnect, or freeze unexpectedly.

After two years of the pandemic, confidence in addressing certain security risks and threats arising from hybrid and remote work has improved among businesses and organizations around the world. "The past few years have cemented remote work and work-from-anywhere as a permanent part of the security landscape, and they have also introduced new security risks and challenges. However, growing familiarity with remote work has ultimately broadened awareness on an enterprise level of daily business security risks and has strengthened both confidence and ability in security teams and products to handle those risks and threats properly," said Francois Lasnier, VP of Access Management Solutions at Thales.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an industrial control systems advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency said in a notice.

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution or cause a denial-of-service condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers.