VMware

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Read More Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers to bypass authentication. Carbon Black Cloud Workload is a data center security product that protects customers’ workloads […]

The post VMware fixes authentication bypass in Carbon Black Cloud Workload appliance appeared first on Security Affairs.

Read More VMware fixes authentication bypass in Carbon Black Cloud Workload appliance

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform. Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 […]

The post VMware fixed flaws in vROps that can be chained to compromise organizations appeared first on Security Affairs.

Read More VMware fixed flaws in vROps that can be chained to compromise organizations

VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […]

The post VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials appeared first on Security Affairs.

Read More VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials

VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […]

The post VMware addresses Remote Code Execution issue in View Planner appeared first on Security Affairs.

Read More VMware addresses Remote Code Execution issue in View Planner

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

The post Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw appeared first on Security Affairs.

Read More Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://t.co/t3Gv2ZgTdt). Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel https://t.co/AcSZ40U5Gp — Bad Packets (@bad_packets) February 24, 2021 “In our opinion, the RCE vulnerability in the vCenter Server can pose no less a … More

The post Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! appeared first on Help Net Security.

Read More Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]

The post VMware addresses a critical RCE issue in vCenter Server appeared first on Security Affairs.

Read More VMware addresses a critical RCE issue in vCenter Server

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […]

The post VMware fixes command injection issue in vSphere Replication appeared first on Security Affairs.

Read More VMware fixes command injection issue in vSphere Replication