virtualization

Beware of phishing emails delivering backdoored Linux VMs!

backdoor, Don't miss, Hot stuff, Linux, News, phishing, Securonix, virtualization /

Beware of phishing emails delivering backdoored Linux VMs! 2024-11-05 at 16:05 By Zeljka Zorz Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to […]

React to this headline:

Loading spinner

Beware of phishing emails delivering backdoored Linux VMs! Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability /

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

VirtualBox 7.1: This is a major update, here’s what’s new

News, Oracle, software, VirtualBox, virtualization /

VirtualBox 7.1: This is a major update, here’s what’s new 2024-09-12 at 10:47 By Help Net Security VirtualBox is a full virtualizer for x86 hardware designed for servers, desktops, and embedded systems. VirtualBox 7.1 introduces an enhanced user interface, cloud VM management, ARM support, Wayland compatibility, and more. New features in VirtualBox 7.1 This is

React to this headline:

Loading spinner

VirtualBox 7.1: This is a major update, here’s what’s new Read More »

VMware Patches High-Severity Code Execution Flaw in Fusion

code execution, CVE-2024-38811, virtualization, VMWare, Vulnerabilities /

VMware Patches High-Severity Code Execution Flaw in Fusion 2024-09-03 at 19:16 By Ionut Arghire VMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor. The post VMware Patches High-Severity Code Execution Flaw in Fusion appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

VMware Patches High-Severity Code Execution Flaw in Fusion Read More »

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

CVE, Don't miss, enterprise, Hot stuff, Microsoft, News, Ransomware, virtualization, VMWare, vulnerability /

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) 2024-07-30 at 14:01 By Zeljka Zorz Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner Broadcom has released a fix for CVE-2024-37085 on

React to this headline:

Loading spinner

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) Read More »

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

containers, CVE, Docker, Don't miss, Hot stuff, News, security update, virtualization, vulnerability /

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) 2024-07-25 at 15:01 By Zeljka Zorz A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely,

React to this headline:

Loading spinner

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) Read More »

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

CrowdStrike, Don't miss, Hot stuff, Microsoft, News, Orca Security, phishing, tech support scam, Trend Micro, virtualization, Windows, Windows Server /

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update 2024-07-22 at 15:16 By Zeljka Zorz By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows

React to this headline:

Loading spinner

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update Read More »

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

0-day, Action1, Automox, CVE, Don't miss, Hot stuff, Microsoft, MS SQL Server, News, Patch Tuesday, security update, Trend Micro, virtualization, vulnerability, Windows /

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a

React to this headline:

Loading spinner

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, News, virtualization, VMWare, vulnerability /

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) 2024-06-18 at 12:16 By Zeljka Zorz VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially

React to this headline:

Loading spinner

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) Read More »

Confidential VMs Hacked via New Ahoi Attacks

Amd, Cloud, cloud security, Intel, virtualization /

Confidential VMs Hacked via New Ahoi Attacks 2024-04-08 at 17:01 By Eduard Kovacs New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Confidential VMs Hacked via New Ahoi Attacks Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

cloud security, CVE-2023-34048, CVE-2023-34051, Incident Response, vCenter Server, virtualization, VMWare, Vulnerabilities /

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products 25/10/2023 at 16:31 By Ryan Naraine VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10. The post VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products Read More »

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

bug bounty, Chrome, Don't miss, Expert corner, exploit, Google, Google Cloud, News, virtualization /

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM 09/10/2023 at 13:01 By Zeljka Zorz Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they

React to this headline:

Loading spinner

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM Read More »

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw

Aria Operations for Networks, Malware & Threats, Network Security, virtualization, VMWare, Vulnerabilities /

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw 21/06/2023 at 03:16 By Ryan Naraine VMware updates a critical-level bulletin: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.” The post VMware Confirms Live Exploits Hitting Just-Patched Security Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw Read More »

Scroll to Top