Security News
VMware has warned users that a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from VMware Verify. CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1 to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response.
CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information. Workspace ONE Unified Endpoint Management is a VMware solution for over-the-air remote management of desktops, mobile, rugged, wearables, and IoT devices.
The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.
VMware customers have probably had a busy week because more than 100 of the IT giant's products are impacted by the Log4j bug. Now they need to make another urgent patching effort, because the virty giant has identified another critical flaw in its products that it rates as requiring urgent attention.
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client.
Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor. "This is one of the fastest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform," said Andrew Brandt, principal researcher at Sophos.
Researchers have discovered a new Python ransomware from an unnamed gang that's striking ESXi servers and virtual machines with what they called "Sniper-like" speed. While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but.
Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers. While the Python programming language is not commonly used in ransomware development, it is a logical choice for ESXi systems, seeing that such Linux-based servers come with Python installed by default.
A working exploit for the critical CVE-2021-22005 remote-code execution vulnerability in VMware vCenter is now fully public and is being exploited in the wild. "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware, when VMware announced the vulnerability on Tuesday.