Security News

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize...

How decentralized identity is shaping the future of data protectionIn this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity in cybersecurity. 10 cybersecurity startups to watch in 2024Help Net Security decided to spotlight companies breaking new ground, attracting top talent, and leading innovation in key areas.

VMware Enhanced Authentication Plug-in, a plugin for VMware vSphere, has two vulnerabilities that could be exploited by attackers to mount authentication relay and session hijack attacks. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021.

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected.Uptycs' Siddharth Sharma has released research showing threat actors are using malicious shell scripts to make modifications and run the cryptominer on vSphere virtual networks.

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client.

A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches.

VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. According to VMware, the vulnerability impacts the vSphere Client, specifically the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server even if the plugin is not actually being used.

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.