Security News

Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware. VMware's 2021 Global Security Insights Report is based on a survey of more than 3,500 CISOs, CTOs and CIOs conducted in December 2020.

Windstream Enterprise has announced new feature enhancements and hardware available for its VMware-powered SD-WAN. The three new SD-WAN edge devices are the next-generation technology from VMware, named as a Leader in the 2020 Gartner Magic Quadrant for WAN Edge Infrastructure. The enhancements enable Windstream Enterprise to offer customers SD-WAN technology.

New TSA security directive is a needed shock to the systemThe Department of Homeland Security's Transportation Security Administration announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector. VMware fixes critical vCenter Server RCE vulnerability, urges immediate actionVMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible.

VMware's virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch "As soon as possible". VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10.

VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. According to VMware, the vulnerability impacts the vSphere Client, specifically the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server even if the plugin is not actually being used.

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.

VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system - vCenter Server. The culprit is the vSphere HTML5 client, which by default includes the Virtual SAN Health plugin - even if you don't run a VMware VSAN. That plugin lacks input validation and the result, as explained by VMware's advisory this week, is: "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.

VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.

VMware believes the answer is not some new security product or feature, or a different type of analytics. What's needed are structural and architectural changes to how organizations approach security.