Security News

Those running VMWare guest machines on Mac will want to update their software to get a security fix for VMware Tools. Earlier this month, Microsoft dropped its usual boatload of Patch Tuesday updates, sans a set for Office for Mac.

VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products. The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.

VMware on Thursday announced that it's acquiring network security company Lastline for its research team and threat detection technology. The firm also noted that its team includes 15 PhDs. While VMware has praised Lastline employees, TechCrunch has learned that the virtualization giant actually plans on laying off roughly 50 people from Lastline following the acquisition - this represents 40% of the company's staff.

VMware is acquiring antimalware company Lastline to boost its network security offerings. As Lastline is privately held, terms of the deal are not being disclosed.

VMWare's VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure. A few weeks back, security pen testing company Citadelo chanced upon what looks like a significant vulnerability while it was carrying out an audit for a VMware customer.

VMware introduced a new integrated feature in VMware vSphere 7 that will enable enterprises to deliver elastic infrastructure on-demand for artificial intelligence and machine learning applications. With the newly integrated Bitfusion capabilities, VMware vSphere 7 will enable enterprises to pool their powerful GPU resources on their servers and share them within their data centers.

VMware announced that Carol Carpenter has joined the leadership team as chief marketing officer. As CMO, Carpenter is responsible for leading all aspects of the Global Marketing organization, which includes Corporate Marketing, Partner, Segment and Field Marketing.

A recently patched vulnerability affecting VMware Cloud Director has a major impact for cloud services providers as it can allow an attacker to take full control of all private clouds hosted on the same infrastructure, cybersecurity firm Citadelo revealed on Monday. Citadelo researchers found that an authenticated attacker could exploit the vulnerability by sending specially crafted traffic to Cloud Director either via API calls or the web interface.

A code injection vulnerability affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. VMware Cloud Director is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers.