VMWare

Malware & Threats

Issued by: Dark Reading

Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline. Meanwhile, an oddball “GoodWill” variant purports to help the needy. The Cheerscrypt ransomware variant was uncovered by Trend Micro and…

Vulnerabilities

Issued by: Security Week

The developers of Spring, which is owned by VMware and said to be the world’s most popular Java application development framework, announced patches for three vulnerabilities last week. One of them is tracked as CVE-2022-22965, Spring4Shell and SpringShell, and it has been described as a critical remote code execution vulnerability in Spring Framework that can…

Malware & Threats

Issued by: Security Week

The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage on the internet and heightens the urgency for enterprise defenders to find and fix the issue. According to an advisory from NHS Digital, attackers are exploiting the critical vulnerability in the Apache Tomcat…

Application Security, Cloud Security, Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-22045 (CVSS score of 7.7), the security vulnerability exists in the CD-ROM device emulation function of Workstation, Fusion and ESXi. In an advisory, VMWare said the security defect could be exploited by attackers with access to a virtual machine that has CD-ROM device emulation enabled. An attacker capable of combining the security error…

Application Security, Cloud Security

Issued by: Security Week

Two new vulnerabilities were fixed, the most severe of which is CVE-2021-22057 (CVSS score of 6.6), an authentication bypass that affects VMware Verify two factor authentication. By exploiting the vulnerability, a malicious actor who has gained knowledge of the first-factor authentication, may provide it to obtain second-factor authentication from VMware Verify, VMware says. Tracked as…

Malware & Threats

Issued by: Help Net Security

Backblaze announced Instant Recovery in Any Cloud—a solution to make ransomware recovery into a VMware and Hyper-V based cloud easy for any IT team. Big ransomware payments gain a lot of attention—like the $5 million Colonial Pipeline recently paid. But few realize that ransomware victims often rely on backups to return to normal operations, not…

Vulnerabilities

Issued by: Help Net Security

In 2020, cybersecurity became a business problem for every industry, as well as the U.S. government. According to a new report by the Aspen Cybersecurity Group, there are several opportunities for the new presidential administration to increase cybersecurity efforts and awareness to create a more resilient digital infrastructure. Organizations like the Cybersecurity and Infrastructure Security…

Vulnerabilities

Issued by: Help Net Security

For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, Access Connector, VMware Identity Manager and VMware Identity Manager Connector. As some of these are components of the VMware Cloud Foundation (vIDM) and vRealize Suite Lifecycle Manager (vIDM)…