Linux version of RansomHub ransomware targets VMware ESXi VMs

June 20, 2024 at 05:32PM RansomHub ransomware has a Linux encryptor tailored for VMware ESXi environments. Launched in February 2024, RansomHub has affected over 45 victims across 18 countries. An ESXi variant was detected in April 2024, presenting a bug that defenders can exploit. Additionally, the encryptor has specific commands and a unique encryption scheme. …

Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days

June 19, 2024 at 11:21AM A China-based cyber espionage group, UNC3886, has been using zero-day exploits to target Fortinet, Ivanti, and VMware systems, gaining access to sensitive information in various industries. The group has developed techniques to avoid detection, including using rootkits and backdoors to maintain access. Organizations are advised to follow security recommendations from …

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft

June 18, 2024 at 04:34PM Broadcom releases fixes for three vulnerabilities in VMware vCenter, with two critical vulnerabilities allowing remote code execution. The vulnerabilities could allow attackers to execute code on managed VMs. In addition, there are patch updates for local privilege escalation vulnerabilities. VMware, with a large customer base, faces increased risk due to …

VMware fixes critical vCenter RCE vulnerability, patch now

June 18, 2024 at 02:11PM VMware has issued a security advisory for critical vulnerabilities in vCenter Server, impacting versions 7.0 and 8.0, and Cloud Foundation versions 4.x and 5.x. The vulnerabilities include remote code execution and local privilege escalation flaws. The vendor has released fixes for the vulnerabilities and advises applying updates promptly to mitigate …

Critical Code Execution Vulnerabilities Patched in VMware vCenter Server

June 18, 2024 at 12:36PM VMware, owned by Broadcom, has released patches for severe vCenter Server vulnerabilities, including heap-overflow flaws and local privilege escalation issues. These could lead to remote code execution or elevate privileges to root. Chinese cybersecurity company Qi An Xin and Matei Badanoiu of Deloitte Romania were credited for reporting the vulnerabilities. …

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

June 18, 2024 at 04:33AM VMware has issued updates to fix critical vulnerabilities affecting Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could lead to privilege escalation and remote code execution. The vulnerabilities include heap-overflow flaws and local privilege escalation issues. While there are no known active exploits, users are urged to promptly apply …

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM VMware released security updates addressing critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry a severity rating and require local administrative privileges for exploitation. VMware recommends removing USB controllers from virtual machines as a mitigation strategy. Older ESXi …

VMware fixes critical sandbox escape flaws in VMware ESXi, Workstation, and Fusion

March 6, 2024 at 10:41AM VMware released security updates to address critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation products, potentially allowing unauthorized access to host systems and virtual machines on the same host. The advisory details four vulnerabilities, their impact, and provides a workaround for some issues. VMware also made security …

Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking

February 21, 2024 at 10:41AM VMware has urged network administrators to remove an out-of-date plug-in for its vSphere due to two critical flaws — CVE-2024-22245 and CVE-2024-22250. These vulnerabilities allow attackers to hijack cloud computing sessions. The company has released a security advisory with instructions on removal, as the plug-in is no longer supported. VMware …

VMware confirms critical vCenter flaw now exploited in attacks

January 19, 2024 at 08:23AM VMware confirmed active exploitation of a critical vCenter Server vulnerability (CVE-2023-34048) reported by Trend Micro researcher Grigory Dorodnov. Multiple end-of-life products were patched, and ransomware gangs target VMware servers. Over 2,000 exposed servers pose breach risks. VMware urged strict network access control and previously fixed high-severity vCenter Server flaws, an …