Keep Tier-One Applications Out of Virtual Environments

September 25, 2024 at 08:40AM Virtualization has transformed server computing over the past 20 years, optimizing resource use and improving availability. However, the rise in high-profile attacks on hypervisors poses a significant threat to tier-one applications that run as virtual machines: compromise of the hypervisor compromises every guest on it. Organizations are urged to consider migrating tier-one applications to physical hardware, the cloud, or SaaS solutions to minimize …

Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs

July 30, 2024 at 04:12PM Ransomware groups are exploiting an authentication-bypass bug (CVE-2024-37085) in VMware ESXi that gives them full administrative access to the hypervisor and lets them encrypt every VM it hosts in one pass. Broadcom has issued a fix. Domain-joined ESXi hosts grant full administrative access to any member of an AD domain group named “ESX Admins”, without checking that such a group existed when the host was joined; an attacker who can create a group in the domain, or rename an existing one, can therefore claim the role. Hackers find hypervisors alluring due to their complexity and …

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

July 29, 2024 at 02:48PM Ransomware groups are exploiting an authentication-bypass vulnerability (CVE-2024-37085) in VMware ESXi hypervisors to gain full administrative access on domain-joined hosts. Microsoft warns that known cybercriminal groups have already exploited the flaw to deploy ransomware. The issue was not flagged as exploited in the wild when VMware released its patches. …
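The two items above describe the same mechanism: ESXi trusts whatever AD group carries the name “ESX Admins”, so the attacker's first visible step is creating that group, renaming an existing group to it, or adding members to it. On the ESXi side, Broadcom's advisory documents two advanced settings for hardening (`Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd`, which should be set to false, and `Config.HostAgent.plugins.hostsvc.esxAdminsGroup`, which can be pointed at a different, controlled group). On the AD side, the group operations show up in Windows Security events 4727 (security-enabled global group created), 4728 (member added to such a group) and 4737 (group changed, which includes renames). The script below is an added detection example, not code from either article or from Microsoft or Broadcom; it runs over constructed, key=value-style event lines rather than real exports, and the field names (`EventID`, `Subject`, `GroupName`, `MemberName`, `OldGroupName`) are an assumption about how the events were flattened, so adapt the parser to your SIEM's schema.

```python
"""Hunt Windows Security events for creation/abuse of the ESXi admin AD group (CVE-2024-37085)."""
import re
from typing import Dict, Iterable, List

# Windows Security event IDs for security-enabled global groups.
GROUP_CREATED = 4727        # "A security-enabled global group was created"
GROUP_MEMBER_ADDED = 4728   # "A member was added to a security-enabled global group"
GROUP_CHANGED = 4737        # "A security-enabled global group was changed" (covers renames)

# Default name ESXi looks for; change this if you set esxAdminsGroup to something else.
TARGET_GROUP = "ESX Admins"

# Constructed sample events (NOT real log data), one event per line as key=value pairs.
# Assumed flattened field names; a real SIEM export will differ.
SAMPLE_EVENTS = """\
EventID=4727 Subject=CORP\\jsmith GroupName=Finance-Analysts
EventID=4727 Subject=CORP\\svc-backup GroupName=ESX Admins
EventID=4728 Subject=CORP\\svc-backup MemberName=svc-backup GroupName=ESX Admins
EventID=4737 Subject=CORP\\tnguyen OldGroupName=Helpdesk GroupName=esx admins
EventID=4728 Subject=CORP\\hr-admin MemberName=newhire GroupName=HR-Staff
"""

# key=value pairs where a value may contain spaces: stop before the next " key=" or end of line.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

_REASONS = {
    GROUP_CREATED: "group created with the ESXi admin group name",
    GROUP_MEMBER_ADDED: "member added to the ESXi admin group",
    GROUP_CHANGED: "existing group renamed to the ESXi admin group name",
}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one 'key=value key=value' line into a dict."""
    return {k: v for k, v in _KV.findall(line.strip())}


def find_esx_admins_abuse(lines: Iterable[str], target: str = TARGET_GROUP) -> List[Dict[str, str]]:
    """Return the events that create, rename-to, or add members to the ESXi admin group.

    The name comparison is case-insensitive on purpose: a detection that only
    matches the exact default string would miss trivial variations.
    """
    wanted = target.casefold()
    hits: List[Dict[str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        try:
            event_id = int(ev.get("EventID", ""))
        except ValueError:
            continue  # malformed or non-numeric EventID: skip rather than crash the hunt
        if event_id not in _REASONS:
            continue
        if ev.get("GroupName", "").casefold() != wanted:
            continue
        ev["Reason"] = _REASONS[event_id]
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in find_esx_admins_abuse(SAMPLE_EVENTS.splitlines()):
        print(f"Event {hit['EventID']} by {hit['Subject']}: {hit['Reason']}")
```

On the sample data this flags three events: the group creation by `svc-backup`, the self-add to that group, and the rename of `Helpdesk` to `esx admins`; the two unrelated group events are ignored. A 4728 hit against a legitimately provisioned admin group is expected noise, so in production the creation and rename events deserve the higher alert priority.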

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

July 1, 2024 at 10:06AM Google has introduced kvmCTF, a bug bounty program for the KVM hypervisor, offering significant rewards for vulnerabilities. Participants attempt guest-to-host attacks against a lab environment that Google provides, with potential payouts including $250,000 for a full VM escape. The program aims to enhance the security of widely used virtualization technology. …

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

May 14, 2024 at 10:48AM VMware addressed four security vulnerabilities in Workstation and Fusion, including three zero-days demonstrated at the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267 (a use-after-free in the virtual Bluetooth device), lets code in a guest execute as the host-side VMX process that runs the virtual machine, i.e. a guest-to-host escape. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service …

Confidential VMs Hacked via New Ahoi Attacks

April 8, 2024 at 09:54AM Researchers from ETH Zurich have unveiled a class of attack techniques called Ahoi attacks, targeting hardware-based trusted execution environments in cloud platforms built on AMD's SEV-SNP and Intel's TDX. A malicious or compromised hypervisor injects interrupts or exceptions into a confidential VM to alter the guest's control flow, which the researchers use to bypass authentication inside the VM and gain root access; the point is that the hypervisor, which confidential computing is supposed to exclude from the trust boundary, can still influence the guest. The researchers have notified the relevant companies, and relevant patches …

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM VMware released security updates addressing critical sandbox-escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry CVSSv3 scores as high as 9.3 and mostly sit in the virtual USB controllers (XHCI and UHCI); exploitation requires local administrative privileges inside a guest VM, from which an attacker can run code in the host-side VMX process. VMware recommends removing USB controllers from virtual machines as a mitigation, which also disconnects any USB passthrough or virtual USB devices the VM relies on. Older ESXi …
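The mitigation above is a configuration change, and the first question in a fleet is which VMs actually expose a USB controller to their guests. A VM's configuration lives in its `.vmx` file, where the three controller types are switched on by the standard keys `usb.present` (UHCI), `ehci.present` (EHCI) and `usb_xhci.present` (xHCI). The audit below is an added example, not VMware's tooling or code from the article; it runs over a constructed `.vmx` embedded inline. It is meant for auditing configs you have exported or copied off a datastore: on a registered VM, make the actual change through the vSphere Client or PowerCLI (edit settings, remove the USB controller) while the VM is powered off, because ESXi does not re-read a hand-edited `.vmx` for a running VM.

```python
"""Audit .vmx configs for virtual USB controllers and produce a hardened copy."""
import re
from typing import Dict, List, Tuple

# Standard .vmx keys that enable each virtual USB controller type.
USB_CONTROLLER_KEYS = {
    "usb.present": "UHCI (USB 1.1) controller",
    "ehci.present": "EHCI (USB 2.0) controller",
    "usb_xhci.present": "xHCI (USB 3.x) controller",
}

# Constructed sample .vmx (not taken from a real VM).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "19"
displayName = "app-db-01"
guestOS = "other5xlinux-64"
usb.present = "TRUE"
ehci.present = "FALSE"
usb_xhci.present = "TRUE"
usb:1.present = "TRUE"
usb:1.deviceType = "hid"
scsi0.present = "TRUE"
'''

# One .vmx line: key = "value"
_LINE = re.compile(r'^\s*([^=\s]+)\s*=\s*"(.*)"\s*$')
# Device entries hanging off a controller, e.g. usb:1.present, usb_xhci:0.deviceType
_DEVICE = re.compile(r"^(usb|ehci|usb_xhci):\d+\.")


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse key = "value" lines into a dict; blank lines and # comments are skipped."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def usb_controllers_present(cfg: Dict[str, str]) -> List[str]:
    """Human-readable names of the USB controllers this VM exposes to its guest."""
    return [name for key, name in USB_CONTROLLER_KEYS.items()
            if cfg.get(key, "FALSE").upper() == "TRUE"]


def usb_device_keys(cfg: Dict[str, str]) -> List[str]:
    """Keys of USB device entries that would be orphaned once the controllers go."""
    return sorted(k for k in cfg if _DEVICE.match(k))


def harden_vmx(text: str) -> Tuple[str, List[str]]:
    """Return a copy of the .vmx with every USB controller disabled, plus the keys changed.

    Only the controller flags are rewritten; everything else, including orphaned
    usb:N.* device lines, is left untouched so the diff is easy to review.
    """
    changed: List[str] = []
    out: List[str] = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in USB_CONTROLLER_KEYS and m.group(2).upper() == "TRUE":
            out.append(f'{m.group(1)} = "FALSE"')
            changed.append(m.group(1))
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    print("VM:", cfg.get("displayName"))
    print("USB controllers present:", usb_controllers_present(cfg) or "none")
    print("USB device entries:", usb_device_keys(cfg) or "none")
    hardened, changed = harden_vmx(SAMPLE_VMX)
    print("disabled:", changed)
```

On the sample config the audit reports the UHCI and xHCI controllers as present, plus the `usb:1.*` HID device attached to one of them; the hardened copy flips both controller flags to FALSE and leaves the rest of the file byte-for-byte the same. Run `usb_controllers_present` over every `.vmx` in a datastore listing to get the exposure list before touching anything.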