Security news aggregator

Latest coverage for Virtualisation

Virtualisation security covers hypervisors, virtual machines, and isolated workloads, where flaws or misconfiguration can expose systems and data.

52 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Virtualisation uses software to divide or simulate computing resources so multiple isolated virtual machines (VMs) can share a physical host. Each VM can run its own operating system and applications; a hypervisor controls access to the host’s processors, memory, storage and devices. The term can also include virtual networks and storage, while containers provide a related but less isolated form of workload virtualisation.

Security depends on the hypervisor and its management plane being securely configured, patched and access-controlled. A hypervisor vulnerability or misconfiguration can expose data across VMs, and a VM escape can allow code running in one guest to reach the host or other guests. Virtual machine images, templates and snapshots may retain credentials or sensitive data and therefore require inventory, integrity checks, encryption and controlled retention. Network segmentation between virtual workloads should be enforced through explicit policies rather than assumed from virtual separation. These controls also support reliable investigation and recovery by preserving trustworthy images and records of administrative changes.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 52 Filtered view

Omnissa telemetry suggests business buyers are loving Apple and Google End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft.…

Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.…

There's only one rule – don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.…

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities "unforgivable defects”, pointed to the presence of the holes in products from the likes of Microsoft and VMware, and urged all software developers to adopt secure-by-design practices to avoid creating more of them.…

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…

If you didn't fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…

If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn't work.…

Get those patches applied – all the big dogs are abusing it Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that has security experts deeply concerned.…

Loading more headlines...