Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking

VMware is urging network administrators to remove an out-of-date plug-in for its vSphere, which has two flaws — one of them critical — that can allow attackers with access to a Windows client system to hijack cloud computing sessions. VMware this week released a security advisory addressing the flaws — one tracked as CVE-2024-22245, with …

Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware

In this week’s urgent updates, Apple and VMware issued updates for zero-day flaws currently under attack, and researchers detected a rise in attacks on unpatched Apache and Atlassian Confluence servers. Meanwhile, the …

UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability

Chinese cyber espionage group UNC3886 has reportedly been exploiting a critical security vulnerability in VMware’s vCenter Server since late 2021. As per the report furnished by cybersecurity firm Mandiant, this significant vulnerability, identified as CVE-2023-34048, was acknowledged and patched by VMware in October. The severity rating …

Chinese threat group exploited VMware vulnerability in 2021 | TechTarget

A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant. On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability tracked as CVE-2023-34048 and a partial information disclosure flaw assigned CVE-2023-34056 that affect vCenter Server. The …

VMware patches critical access control vulnerability in Aria Automation

VMware has released updates for Aria Automation, its multi-cloud infrastructure automation platform for public, private and hybrid clouds, to fix a critical vulnerability that could allow authenticated attackers to access remote organizations and workflows. VMware Cloud Foundation, a suite of software-defined services for setting up private clouds, is also impacted if the products were deployed …

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023NewsroomNetwork Securit / Vulnerability VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. “On an … Read more

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques. Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

“Disappearing” implants, followed by first fixes for …