Security News

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses affect VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, as listed below -.

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses affect VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, as listed below -.

To help ease the transition to the cloud, VMware announced GE Healthcare will leverage VMware SD-WAN, now part of VMware SASE, to seamlessly deliver cloud-based services to GE Healthcare customers. "VMware SD-WAN provides this network overlay to prioritize and move high-fidelity, latency-sensitive data to the cloud and between edge locations. Leveraging VMware SD-WAN enables GE Healthcare to offer rapid, more securely deployed, and easily accessed virtual care solutions."

VMware on Thursday released security updates for multiple products to address a pair of security bugs, one serious enough to give attackers access to sensitive information. In an advisory, VMWare warns that a malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the "/cfg" web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request.

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.

VMware continues to build out its virtual desktop infrastructure and Desktop-as-a-Service platform and announced new capabilities to make it easier for IT to manage Horizon deployments wherever they may be, on-premises or in the cloud. It brings together VMware Workspace ONE with VMware Carbon Black Cloud and VMware SASE. Horizon Control Plane services available on more cloud environments for greater flexibility.

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.

For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines running on them.

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.