Security News

Kasten, the market leader for Kubernetes Data Management, announced that the company's flagship platform, Kasten K10, is available on VMware Cloud Marketplace. Kasten architected Kasten K10 specifically to address Day 2 data management challenges for cloud-native applications.

A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln, details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level.

Cloud and data center security solutions provider Guardicore on Wednesday made available technical information on a critical VMware vCenter Server vulnerability that can be exploited by an attacker to gain full control over the targeted VMware deployment. Few details have been made available by VMware so researchers at Guardicore have decided to analyze the patch in an effort to identify the changes made by the virtualization giant to address the vulnerability.

VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication. vCenter Server is server management software for controlling VMware vSphere environments.

A critical information-disclosure bug in VMware's Directory Service could lay bare the contents of entire corporate virtual infrastructures, if exploited by cyberattackers. The vmdir in turn is a central component to the vCenter SSO. Also, vmdir is used for certificate management for the workloads governed by vCenter, according to VMware.

VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication. The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.

VMware's Virtual Cloud Network solution is an integral component of VMware Cloud Foundation, which is offered on all major hyperscale cloud providers - AWS, Azure, Alibaba Cloud, Google Cloud, IBM Cloud and Oracle Cloud - and uniquely enables VMware to make private clouds as efficient and agile as public clouds and support business continuity efforts. "Our Virtual Cloud Network solution is helping our customers provide the public cloud experience on-premise, removing the inefficient IT ticket requests and long waits for networking and security changes," said Tom Gillis, senior vice president and general manager, Networking and Security Business Unit at VMware.

Working with VMware, Vodafone Group has completed the roll-out of network virtual infrastructure across all of its European business and 21 markets in total. Operating a reliable, agile network that can be more efficiently upgraded to maintain the quality of coverage has never been more important as Vodafone customers across Europe rely on the operator to provide critical connectivity and communications services during the COVID-19 crisis.

Building on a record-setting 2019, Morpheus has released v4.2 of its multi-cloud management platform focused on enabling continuous delivery for customers leveraging Kubernetes, VMware, and Terraform. With v4.2, Morpheus has added support for brownfield Kubernetes clusters in addition to CNCF Certified Morpheus Kubernetes Service and integration with EKS and AKS. Additionally, the Morpheus Kubernetes Service has been CNCF certified up to version 1.17.

Delta Risk, a leading provider of SOC-as-a-Service and security services, announced that it has expanded its partnership with VMware Carbon Black, a leader in cloud-delivered, next-generation endpoint security. The partnership includes fully integrated managed detection, response, threat hunting, and monitoring capabilities via Delta Risk's ActiveEye security platform for customers using VMware Carbon Black solutions, providing improved endpoint visibility for organizations of all sizes.