VMware Offers Up New Ground Truth For Improved Cloud Security
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
Virtualisation security covers hypervisors, virtual machines, and isolated workloads, where flaws or misconfiguration can expose systems and data.
Search across headline titles and summaries.
Background for this topic.
Virtualisation uses software to divide or simulate computing resources so multiple isolated virtual machines (VMs) can share a physical host. Each VM can run its own operating system and applications; a hypervisor controls access to the host’s processors, memory, storage and devices. The term can also include virtual networks and storage, while containers provide a related but less isolated form of workload virtualisation.
Security depends on the hypervisor and its management plane being securely configured, patched and access-controlled. A hypervisor vulnerability or misconfiguration can expose data across VMs, and a VM escape can allow code running in one guest to reach the host or other guests. Virtual machine images, templates and snapshots may retain credentials or sensitive data and therefore require inventory, integrity checks, encryption and controlled retention. Network segmentation between virtual workloads should be enforced through explicit policies rather than assumed from virtual separation. These controls also support reliable investigation and recovery by preserving trustworthy images and records of administrative changes.
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. [...]
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution
VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched versions of the company's Workstation and Fusion software hypervisors. [...]
JumpCloud integrates with Google Workspace to extend enterprise-quality security capabilities to small and midsize organizations.