Security News

A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. The malware was discovered by Promon, whose analysts report that it currently spreads via emails, SMS, and messaging apps targeting banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.

VMware has fixed one critical and three important flaws in its VMware Workstation and Fusion virtual user session software.As explained by VMware, CVE-2023-20869 is a critical stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine, which allows a malicious actor with local administrative privileges to execute code as the virtual machine's VMX process running on the host.

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.

AMD's Secure Encrypted Virtualization scheme is not as secure as its name suggests. In a paper titled "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization," Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, and Jean-Pierre Seifert from TU Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack.

Many of the hardware and software security features Microsoft lists as absolute requirements for a successful Windows 11 installation are already available as options in Windows 10. In some cases, getting these more advanced levels of security is just a matter of turning them on, particularly on newer PCs. One of the more powerful of these security features is the Hypervisor-Protected Code Integrity protocol.

Loft Labs announced that vcluster, a virtual cluster technology for Kubernetes, is now freely available on GitHub. "Vcluster is the first actually working virtualization technology for Kubernetes," said Fabian Kramm, CTO of Loft Labs.

Virtualization in the client is different from virtualization in servers. As today's client devices continue to support a diverse set of business-critical applications - and access to highly sensitive data and commercial assets - virtualization can deliver major productivity and security advantages.

AdaCore launched a new edition of its premier GNAT Pro Ada, C and C++ development toolsuites in support of the Wind River Helix Virtualization Platform. By choosing GNAT Pro, Helix Platform customers will experience a consistent software development toolchain across each of their Helix Platform partitions and target architectures, thereby helping to reduce overall development and training costs.

Microsoft Defender Application Guard, brings hypervisor-based isolation to Microsoft Edge and Microsoft Office applications. While Application Guard works well with Edge and Office, it doesn't support other applications.

Intel and VMware are collaborating on an integrated software platform for virtualized Radio Access Networks to accelerate the rollout of both existing LTE and future 5G networks. As part of this effort, Intel and VMware will collaborate in building programmable open interfaces that leverage Intel's FlexRAN software reference architecture and a VMware RAN Intelligent Controller, to enable development of innovative radio network functions using AI/ML learning for real time resource management, traffic steering and dynamic slicing.