Security News

Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)
2023-01-25 11:01

VMware has fixed two critical and two important security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.Reported by Trend Micro's Zero Day Initiative, none of the flaws are currently exploited by attackers in the wild, but given threat actors' predilection for targeting widely used VMware solutions, fixing these sooner rather than later is a good idea.

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
2023-01-25 07:07

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight that could expose users to remote code execution attacks. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.

Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
2023-01-25 02:45

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.

VMware fixes critical security bugs in vRealize log analysis tool
2023-01-24 22:01

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. vRealize Log Insight is a log analysis and management tool that helps analyze terabytes of infrastructure and application logs in VMware environments.

Advanced Threat Prevention with VMware NSX Distributed Firewall
2022-12-19 11:00

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

VMware fixes critical ESXi and vRealize security flaws
2022-12-14 17:46

VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight.The VMware ESXi heap out-of-bounds write vulnerability is tracked as CVE-2022-31705 and has received a CVSS v3 severity rating of 9.3.

New Python malware backdoors VMware ESXi servers for remote access
2022-12-12 21:26

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively.

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
2022-11-09 06:04

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687.

VMware warns of three critical holes in remote-control tool
2022-11-09 01:16

VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows - a product used by IT and help desk staff to remotely take over and manage employees' devices. A miscreant able to reach a Workspace ONE Assist deployment, either over the internet or on the network, can exploit any of these three bugs to obtain administrative access without the need to authenticate.

VMware fixes three critical auth bypass bugs in remote access tool
2022-11-08 20:24

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin. Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to help desk and IT staff remotely access and troubleshoot devices in real time from the Workspace ONE console.