Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

July 29, 2024 at 02:48PM Ransomware groups are exploiting a critical vulnerability (CVE-2024-37085) in VMware ESXi hypervisors to gain full administrative access on domain-joined systems. Microsoft warns that known cybercriminal groups have already exploited this flaw to deploy ransomware. The issue was not initially recognized as being exploited in the wild when VMware released patches. …

VMware Patches Critical SQL-Injection Flaw in Aria Automation

July 10, 2024 at 12:54PM VMware, owned by Broadcom, issued patches for a high-risk SQL-injection vulnerability in Aria Automation, allowing an authenticated malicious user to manipulate databases. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 …

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

June 18, 2024 at 02:11AM Critical-rated flaws (CVE-2024-37079 & CVE-2024-37080) in vCenter Server by VMware/Broadcom pose remote code execution risk. The heap-overflow vulnerabilities in the DCE/RPC protocol could be exploited by a network-based attacker. Despite no known in-the-wild exploitation, older vSphere versions 6.5 and 6.7 lack fixes. Additionally, an important-rated privilege escalation flaw (CVE-2024-37081) is present. …

VMware Abused in Recent MITRE Hack for Persistence, Evasion

May 23, 2024 at 10:17AM MITRE detailed a recent cyberattack where state-sponsored hackers exploited zero-day vulnerabilities to access its NERVE environment. The attackers abused VMware systems for persistence and detection evasion, deploying backdoors and web shells. MITRE identified the threat actor and shared mitigation scripts for other organizations to safeguard their VMware environments. Key takeaways …

VMware makes Workstation Pro and Fusion Pro free for personal use

May 14, 2024 at 03:38PM VMware has made Workstation Pro and Fusion Pro free for personal use, following Broadcom’s acquisition. Users need to select free personal use when installing. VMs from Player products are compatible with Pro versions, allowing for easy upgrade. A new commercial model simplifies licensing offerings and purchasing. Workstation Player and Fusion …

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

May 14, 2024 at 10:48AM VMware addressed four security vulnerabilities, including three zero-days exploited in the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267, allows code execution as the virtual machine’s VMX process. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service …

SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign

April 4, 2024 at 06:34PM A fresh Babuk ransomware variant called “SEXi” has targeted VMware ESXi servers, including a hit on IxMetro PowerHost in Chile. The attackers requested a $140 million ransom, but the CEO indicated it would not be paid. The attack is linked to a broader ransomware campaign, with related binaries and novel …

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

March 6, 2024 at 03:15AM VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical bugs allowing code execution. The vulnerabilities, including use-after-free bugs in the XHCI USB controller, carry high CVSS scores. CVE-2024-22252 and CVE-2024-22253 were discovered by multiple security researchers and require immediate patching. Temporary workaround includes …

VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

February 21, 2024 at 01:15AM VMware has reported critical security flaws in the Enhanced Authentication Plugin (EAP), urging users to uninstall it. The vulnerability enables a malicious actor to manipulate service tickets and hijack sessions. Additionally, SonarSource disclosed cross-site scripting flaws in Joomla!. Salesforce’s Apex programming language also faces high-severity vulnerabilities. Users are advised to …

VMware urges admins to remove deprecated, vulnerable auth plug-in

February 20, 2024 at 04:05PM VMware warns administrators to remove a deprecated authentication plugin due to security vulnerabilities, enabling attackers to hijack privileged sessions and relay Kerberos tickets. To address the flaws, uninstall the plugin and stop its associated Windows service using PowerShell commands. The company stated there is no evidence of exploitation, and advises …