Security News

A recently patched vulnerability affecting VMware Cloud Director has a major impact for cloud services providers as it can allow an attacker to take full control of all private clouds hosted on the same infrastructure, cybersecurity firm Citadelo revealed on Monday. Citadelo researchers found that an authenticated attacker could exploit the vulnerability by sending specially crafted traffic to Cloud Director either via API calls or the web interface.

A code injection vulnerability affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. VMware Cloud Director is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers.

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers.

An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch. VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.

VMware announced the availability of the second generation of VMware Cloud on Dell EMC, a cloud service that combines the simplicity and agility of the public cloud with the security and control of enterprise-grade on-premises infrastructure. "Today's IT teams are under constant pressure to deliver the advantages of a cloud operating model-namely, speed and agility-while still accounting for key security and compliance assurances," said Fidelma Russo, senior vice president and general manager, VMware Cloud on Dell EMC. "VMware Cloud on Dell EMC further enables IT teams to transform the operation, management and protection of their on-premises infrastructure to a cloud model. Organizations can migrate existing VMware-based workloads immediately to this cloud service, eliminating any re-development, re-factoring, or architectural rework and related costs."

VMware informed customers on Tuesday that it has patched a high-severity remote code execution vulnerability in its Cloud Director product. The vulnerability, tracked as CVE-2020-3956, has been described as a code injection issue that allows an authenticated attacker to send malicious traffic to Cloud Director, which could result in arbitrary code execution.

As small to mid-sized businesses use more bandwidth every year to modernize their companies, Kinetic Business is proud to announce a SD-WAN solution to help manage their usage. Kinetic Business SD-WAN is built upon VeloCloud technology from VMware, an industry leader in SD-WAN solutions.

VMware announced on Wednesday during its virtual Connect 2020 cybersecurity conference the acquisition of Kubernetes security company Octarine and a new Next-Gen Security Operations Center Alliance. VMware acquired Carbon Black last year for $2.1 billion and the virtualization giant announced the launch of its new Security Business Unit when the acquisition was completed.

VMware is working on patches for its vRealize Operations Manager product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. Researchers discovered recently that the configuration management and orchestration system Salt is affected by serious vulnerabilities that can be exploited for authentication bypass and directory traversal.