Security news aggregator

Latest coverage for VMware

VMware provides virtualization and cloud infrastructure software; flaws or misconfigurations can expose hosts, workloads, credentials, and management systems.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

VMware is a virtualization platform that runs multiple virtual machines on shared physical servers. Its ESXi hypervisor provides the underlying isolation, while vCenter Server centrally manages hosts, virtual machines, networks, and storage. Because these components operate beneath or across many workloads, compromise of a host or management account can expose multiple systems; virtual-machine isolation reduces risk but is not an absolute security boundary.

Security teams should treat ESXi hosts and management services as privileged infrastructure: restrict management interfaces, separate administrative networks, enforce strong authentication and role-based access, monitor administrative actions, and promptly assess security advisories and patches. Vulnerabilities in the hypervisor, management plane, or virtual networking and storage layers can enable unauthorized access, guest-to-host escape, or service disruption, depending on the flaw and configuration. Incident investigations should also account for host and vCenter logs, snapshots, templates, and backups, which can contain sensitive data or retained credentials.

Showing 3 most recent headlines Filtered view
Bank Info Security 2 years, 7 months ago

Lazarus Exploits Log4Shell to Deploy Telegram-Based Malware

North Korean Hackers Deploy Novel Malware FamiliesNorth Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.

The Register 2 years, 7 months ago

Final Patch Tuesday of 2023 goes out with a bang

Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party It's the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course.…