Broadcom Issues Patches for VMware NSX and vCenter Security Flaws
Broadcom has released security patches for critical flaws affecting several VMware products
VMware provides virtualization and cloud infrastructure software; flaws or misconfigurations can expose hosts, workloads, credentials, and management systems.
Search across headline titles and summaries.
Background for this topic.
VMware is a virtualization platform that runs multiple virtual machines on shared physical servers. Its ESXi hypervisor provides the underlying isolation, while vCenter Server centrally manages hosts, virtual machines, networks, and storage. Because these components operate beneath or across many workloads, compromise of a host or management account can expose multiple systems; virtual-machine isolation reduces risk but is not an absolute security boundary.
Security teams should treat ESXi hosts and management services as privileged infrastructure: restrict management interfaces, separate administrative networks, enforce strong authentication and role-based access, monitor administrative actions, and promptly assess security advisories and patches. Vulnerabilities in the hypervisor, management plane, or virtual networking and storage layers can enable unauthorized access, guest-to-host escape, or service disruption, depending on the flaw and configuration. Incident investigations should also account for host and vCenter logs, snapshots, templates, and backups, which can contain sensitive data or retained credentials.
Weekly headline count for the current query.
Broadcom has released security patches for critical flaws affecting several VMware products
Scattered Spider has targeted VMware vSphere environments, exploiting retail, airline and insurance sectors
Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma
VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, with patches available for customers
Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers
The issue arises from the logging of credentials in hex encoding in platform system audit logs
VMware explained that 8Base employs a combination of encryption and “name-and-shame” tactics
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM
Recorded Future analyzed how threat actors have been exploiting VMware ESXi vulnerabilities over the past three years
Legacy bug in ESXi servers is being targeted by threat actors
Vendor's ESXi hypervisors are being targeted
The flaw reportedly impacted the software on both Windows and Linux systems
Federal agencies have until May 23 to mitigate the vulnerabilities
Russia is seen as biggest threat, according to VMware report