VMware Offers Up New Ground Truth For Improved Cloud Security
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
VMware provides virtualization and cloud infrastructure software; flaws or misconfigurations can expose hosts, workloads, credentials, and management systems.
Search across headline titles and summaries.
Background for this topic.
VMware is a virtualization platform that runs multiple virtual machines on shared physical servers. Its ESXi hypervisor provides the underlying isolation, while vCenter Server centrally manages hosts, virtual machines, networks, and storage. Because these components operate beneath or across many workloads, compromise of a host or management account can expose multiple systems; virtual-machine isolation reduces risk but is not an absolute security boundary.
Security teams should treat ESXi hosts and management services as privileged infrastructure: restrict management interfaces, separate administrative networks, enforce strong authentication and role-based access, monitor administrative actions, and promptly assess security advisories and patches. Vulnerabilities in the hypervisor, management plane, or virtual networking and storage layers can enable unauthorized access, guest-to-host escape, or service disruption, depending on the flaw and configuration. Incident investigations should also account for host and vCenter logs, snapshots, templates, and backups, which can contain sensitive data or retained credentials.
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. [...]
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution
VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched versions of the company's Workstation and Fusion software hypervisors. [...]
JumpCloud integrates with Google Workspace to extend enterprise-quality security capabilities to small and midsize organizations.