July 10, 2024 at 12:54PM VMWare, owned by Broadcom, issued patches for a high-risk SQL-injection vulnerability in Aria Automation, allowing an authenticated malicious user to manipulate databases. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 … Read more
June 18, 2024 at 02:11AM Critical-rated flaws (CVE-2024-37079 & CVE-2024-37080) in vCenter Server by VMware/Broadcom pose remote code execution risk. The heap-overflow vulnerabilities in DCE/RPC protocol could be exploited by a network-based attacker. Despite no known in-the-wild exploitation, older vSphere versions 6.5 and 6.7 lack fixes. Additionally, an important-rated privilege escalation flaw (CVE-2024-37081) is present. … Read more
May 14, 2024 at 09:48AM VMware, owned by Broadcom, issues security advisory for Workstation and Fusion, announcing patches for vulnerabilities exploited at Pwn2Own hacking competition. Advisories are now available on Broadcom’s support website. The latest advisory details four vulnerabilities, with three reported at Pwn2Own Vancouver 2024 and the fourth by a researcher outside the competition. … Read more
March 11, 2024 at 02:51PM Broadcom announced the merger of Carbon Black and Symantec into a new unit focusing on integrating network and data telemetry with Endpoint Detection and Response (EDR) technologies. The new Enterprise Security Group will manage Broadcom’s cybersecurity portfolio and enhance the products of both companies for greater customer visibility and control. … Read more
October 19, 2023 at 06:39AM Between February and September 2023, the Iran-linked threat actor, OilRig, conducted an eight-month cyber espionage campaign against an unnamed Middle East government. The attack involved the theft of files and passwords, as well as the deployment of a PowerShell backdoor called PowerExchange. Additional malware used included Tokel, Dirps, and Clipog. … Read more