Security News
VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool. According to VMware, a malicious actor that has network access to port 5989 on ESXi may send a specially crafted request to bypass SFCB authentication.
"REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices," Caspi wrote. In a nod to research by AdvIntel in early May 2021, which reported REvil's intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May "Affecting *nix systems and ESXi.".
Zettaset announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments.
VMware has fixed an uber-severe bug in its Carbon Black App Control management server: a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly. Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering.
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. CVE-2021-21998 is the second time VMware is addressing an authentication bypass issue in its Carbon Black endpoint security software.
VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication. Carbon Black App Control is designed for corporate environments, to harden the security of systems both old and new, and protect them against unauthorized modifications, such as those generated by malware or zero-day exploits.
A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges. Tracked as CVE-2021-21999 and featuring a CVSS score of 7.8, the issue is a local privilege escalation that requires an attacker to have normal access to a virtual machine for successful exploitation.
Partnering to accelerate this innovation, Cohere Technologies and VMware announced they are developing an O-RAN solution to help CSPs improve network and spectrum efficiencies and deliver new and differentiated services and experiences for their customers. "The RAN is by far the most costly and complex part of a CSP network as workloads that run there require ultra-low latency and high performance," said Stephen Spellicy, vice president of product marketing and solutions, Service Provider and Edge, VMware.
VMware and Vapor IO announced they are building a Multi-Cloud Services Grid that integrates the VMware Telco Cloud Platform with Vapor IO's Kinetic Grid platform, allowing developers and service operators to hypercompose grid services on-demand. The collaboration aims to greatly simplify and lower the costs of deploying distributed 5G systems and real-time applications by stitching together multiple cloud and edge environments into a unifying framework that can serve up resources for use, on-demand, across shared infrastructure.