Security News

VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments. The flaw is in the XStream open-source library used by Cloud Foundation and has an almost maximum CVSSv3 base score of 9.8/10 assigned by VMware.

highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals.

To find out how a shift in working styles impacts companies' security posture, NinjaOne surveyed 400 employees in regulated industries. The accompanying report, Hybrid Work in 2022: How IT is Managing the New Challenges of a Flexible Work Environment, highlights that many organizations are still too cavalier when managing technology that enables hybrid work.

Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide.

Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update. Installing the Windows 11 22H2 feature update will cause Remote Desktop clients not to connect, randomly disconnect, or freeze unexpectedly.

After two years of the pandemic, confidence in addressing certain security risks and threats arising from hybrid and remote work has improved among businesses and organizations around the world. "The past few years have cemented remote work and work-from-anywhere as a permanent part of the security landscape, and they have also introduced new security risks and challenges. However, growing familiarity with remote work has ultimately broadened awareness on an enterprise level of daily business security risks and has strengthened both confidence and ability in security teams and products to handle those risks and threats properly," said Francois Lasnier, VP of Access Management Solutions at Thales.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an industrial control systems advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency said in a notice.

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution or cause a denial-of-service condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers.

Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service conditions on vulnerable devices.Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers "To execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition," the company explains.

FileWave's mobile device management system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report.