Category Archives: vmware

VMware and Dell deliver simple, secure, and scalable cloud infrastructure to the data center and edge

VMware announced the availability of the second generation of VMware Cloud on Dell EMC, a cloud service that combines the simplicity and agility of the public cloud with the security and control of enterprise-grade on-premises infrastructure. Jointly developed with Dell Technologies, this VMware service delivers simple, more secure and scalable infrastructure as-a-service to customers’ on-premises data center and edge locations. “Today’s IT teams are under constant pressure to deliver the advantages of a cloud operating … More

The post VMware and Dell deliver simple, secure, and scalable cloud infrastructure to the data center and edge appeared first on Help Net Security.

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

VMware has addressed a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, that affects its Cloud Director product.

VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product.

The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to Cloud Director, which could allow executing arbitrary code.

“A code injection vulnerability in VMware Cloud Director was privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products.” reads the security advisory published by VMware.

“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.”

According to the company, the vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

The vulnerability impacts VMware Cloud Director 10.0.x, 9.7.x and 9.5.x on Linux and Photon OS appliances, and version 9.1.x on Linux. Versions 8.x, 9.0.x and 10.1.0 are not affected.

VMware vCloud Director 9.1.0.4, 9.5.0.6, 9.7.0.5 and 10.0.0.2 addresses the issue. VMware has also released a workaround to mitigate the risk of attacks exploiting the issue.

The vulnerability was discovered by Tomáš Melicher and Lukáš Václavík of Citadelo.

A couple of weeks ago, VMware addressed vulnerabilities impacting the vRealize Operations Manager (vROps) product, including two recently disclosed Salt issues.

Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication.

The CVE-2020-3952 vulnerability has received a CVSSv3 score of 10, it resides in the vCenter Server version 6.7 on Windows and virtual appliances.

Pierluigi Paganini

(SecurityAffairs – CVE-2020-3956, hacking)

The post VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director appeared first on Security Affairs.

Kinetic Business unveils SD-WAN built upon VeloCloud technology from VMware

As small to mid-sized businesses use more bandwidth every year to modernize their companies, Kinetic Business is proud to announce a SD-WAN solution to help manage their usage. Kinetic Business SD-WAN is built upon VeloCloud technology from VMware, an industry leader in SD-WAN solutions. The partnership between Kinetic and VMware delivers small and mid-size businesses the same control and confidence as major corporations, and it’s easily accessible through an award-winning management portal. “Our customers are … More

The post Kinetic Business unveils SD-WAN built upon VeloCloud technology from VMware appeared first on Help Net Security.

Cyber Security Roundup for May 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.

As well reported, UK foreign exchange firm Travelex business operations were brought to a standstill after its IT systems were severely hit by the Sodinokibi ransomware at the start of the year. It was reported that
 REvil group were behind the attack and had stolen 5Gbs of customer personal data, and then demanded $6 million (£4.6m) in ransom. The Wall Street Journal reported in April 2020 that Travelex had reached a deal, paying $2.3 million (£1.84m) in Bitcoin to the cybercriminals. This sort of response incentivises future ransomware activity against all other businesses and could lead to an inflation of future cyber-extortion demands in my opinion.

Cognizant, a US large digital solutions provider and IT consultancy, was reportedly hit by the Maze ransomware.  Maze, previously known as the 'ChaCha' ransomware, like the Travelex attack, not only encrypts victim's files but steals sensitive data from the IT systems as well. Enabling the bad guys to threaten the publishing of the stolen data if the organisation cough up to their cyber-extortion demands, so the bad guys are very much rinsing and repeating lucrative attacks.

Microsoft wrote an excellent blog covering the 'motley crew' of ransomware payloads  The blog covers ransomware payloads said to be straining security operations especially in health care, Microsoft warned, urging security teams to look for signs of credential theft and lateral movement activities that herald attacks.

Researchers continue to be busy in exposing large sensitive datasets within misconfigured cloud services.  In April researchers reported 14 million Ring user details exposed in misconfigured AWS open database, fitness software Kinomap had 42 million user details exposed in another misconfigured database, and Maropost had 95 million users exposed, also in a misconfigured database.

Nintendo confirmed 160,000 of its users' accounts had been accessed, exposing PII and Nintendo store accounts. The gaming giant Nintendo said from April, its user's accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming. The company is unaware exactly how the intrusion had occurred, saying it “seems to have been made by impersonating login to “Nintendo Network ID. “If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said. In response to these issues the company has abolished user’s ability to log into their Nintendo account via NNID and passwords for both NNID and Nintendo accounts are being reset and the company is recommending multi-factor authentication be set up for each account.  The account breaches weren't the only cyber issue affecting Nintendo in April, it reported that a bot, dubbed 'Bird Bot' was used by a reseller to buy up Nintendo Switches before customers could make their Switch purchase from Nintendo. The bot using reseller benefits at the expense of consumers, in buying up all available Switches directly from Nintendo, they are able to sell them on for higher prices, so making a quick and easy tidy profit, due to the current high demand of Switches and lack of supply.

April was a busy month for security updates, Microsoft released security patches fixing 113 vulnerabilities on Patch Tuesday and an out-of-band patch for Teams found by researchers at CyberArk. Patch Tuesday for a quiet one for Adobe, though they released fixes for 21 critical vulnerabilities in illustrator and Bridge at the end of the month.  Oracle released a huge 397 fixes for 450 CVEs in over 100 products, which I think is a new record for a patch release!  

Sophos said it and its customers were attacked when a previously unknown SQL injection vulnerability in their physical and virtual XG Firewall units was exploited. “The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN) to the WAN zone that shares the same port as the admin or User Portal were also affected,Sophos said.

There were security critical patch releases for Mozilla Firefox, Chrome (twice), and for 8 Cisco products. A bunch of VMware patches for including a CVSS scored 10 (highest possible) in vCenter, a critical in vRealize Log Insight and a critical cross-site scripting vulnerability in ESXi 6.5 and 6.7. And finally, on the patch front, Intel decided to discontinue multiple products, as it was unable to keep ahead of patch their vulnerabilities.

Stay safe, safe home and watch for the scams.

BLOG
NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE