Security News

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code...

Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims' infrastructure
2024-06-17 06:34

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
2024-05-15 10:55

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize...

Week in review: 10 cybersecurity startups to watch, admins urged to remove VMware vSphere plugin
2024-02-25 09:00

How decentralized identity is shaping the future of data protectionIn this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity in cybersecurity. 10 cybersecurity startups to watch in 2024Help Net Security decided to spotlight companies breaking new ground, attracting top talent, and leading innovation in key areas.

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
2024-02-21 12:52

VMware Enhanced Authentication Plug-in, a plugin for VMware vSphere, has two vulnerabilities that could be exploited by attackers to mount authentication relay and session hijack attacks. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021.

Cybercriminals Actively Target VMware vSphere with Cryptominers
2022-01-18 19:33

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected.Uptycs' Siddharth Sharma has released research showing threat actors are using malicious shell scripts to make modifications and run the cryptominer on vSphere virtual networks.

VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client
2021-11-24 21:09

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client.

Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching
2021-06-07 10:55

A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches.

VMware Urges Customers to Immediately Patch Critical vSphere Vulnerability
2021-05-26 14:29

VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. According to VMware, the vulnerability impacts the vSphere Client, specifically the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server even if the plugin is not actually being used.

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
2021-02-24 09:35

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.