Security News

According to VMware, such movements were observed in 25% of all attacks. One of the best things that organizations can do to counter these types of attacks is to look for ways to improve overall visibility.

VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. On Friday evening, Microsoft warned about an "Ongoing wide-ranging click fraud campaign" attributed to a threat actor tracked as DEV-0796 using Chromeloader to infect victims with various malware.

VMware is warning that ESXi VMs running on Linux kernel 5.19 can have up to a 70% performance drop when Retbleed mitigations are enabled compared to the Linux kernel 5.18 release. More specifically, the VMware performance team noticed regressions on ESXi virtual machines of up to 70% in computing, 30% in networking, and 13% in storage.

VMware has admitted an update on some versions of its Carbon Black endpoint solution is responsible for BSODs and boot loops on Windows machines after multiple organizations were affected by the problem. The problem surfaced yesterday, with threat hunter Tim Geschwindt stating on Twitter he knew of about 50 organizations struggling with the issue, and saying the Carbon Black endpoint solution was "Causing blue screens of death for devices running sensor version 3.7.0.1253".

Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution. The root of the problem is a ruleset deployed today to Carbon Black Cloud Sensor 3.6.0.1979 - 3.8.0.398 that causes devices to crash and show a blue screen at startup, denying access to them.

Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.A week ago, VMware released updates to address the vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

VMware found a quarter of all ransomware attacks included double-extortion techniques, with top methods including blackmail, data auction and name and shame The use of deepfakes also shot up this year, by 13 percent to 66 percent of respondents reporting they had featured in an attack. 65 percent of respondents noted that cyberattacks had increased since Russia invaded Ukraine and 62 percent said they'd been on the receiving end of zero-day exploits.

VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws. "Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority," Claire Tillis, senior research engineer with Tenable's Security Response Team, said in an email to Threatpost.

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation, which the company considers critical and advises to patch or mitigate immediately.CVE-2022-31656 is an authentication bypass vulnerability affecting local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation, that may allow an attacker with network access to the UI to obtain administrative access without the need to authenticate first.

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The most severe of the flaws is CVE-2022-31656, an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative access.