Security News
VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication. Carbon Black App Control is designed for corporate environments, to harden the security of systems both old and new, and protect them against unauthorized modifications, such as those generated by malware or zero-day exploits.
A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges. Tracked as CVE-2021-21999 and featuring a CVSS score of 7.8, the issue is a local privilege escalation that requires for an attacker to have normal access to a virtual machine for successful exploitation.
Partnering to accelerate this innovation, Cohere Technologies and VMware announced they are developing an O-RAN solution to help CSPs improve network and spectrum efficiencies and deliver new and differentiated services and experiences for their customers. "The RAN is by far the most costly and complex part of a CSP network as workloads that run there require ultra-low latency and high performance," said Stephen Spellicy, vice president of product marketing and solutions, Service Provider and Edge, VMware.
VMware and Vapor IO announced they are building a Multi-Cloud Services Grid that integrates the VMware Telco Cloud Platform with Vapor IO's Kinetic Grid platform, allowing developers and service operators to hypercompose grid services on-demand. The collaboration aims to greatly simplify and lower the costs of deploying distributed 5G systems and real-time applications by stitching together multiple cloud and edge environments into a unifying framework that can serve up resources for use, on-demand, across shared infrastructure.
A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches.
Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets.
VMware announced its work with Zoom to enable a better and more secure collaboration experience for hybrid work environments. VMware Anywhere Workspace is available today and brings together the benefits of three innovative solutions - VMware Workspace ONE, VMware Carbon Black Cloud and VMware SASE. Through relationships with Zoom, VMware is delivering interoperable solutions with VMware Anywhere Workspace to better support a hybrid workforce.
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.
A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.