Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

VMware

How to navigate changes to VMware licensing.

Humans don’t like change. Whether it’s saying goodbye to your favorite pair of jeans, moving to a new house, or trying a new kind of coffee, we often resist change. But sometimes change is forced on us. For example: Over the past month or so, Broadcom rolled out tremendous changes to VMware licensing. This is why many of our customers and partners are wondering what the changes will mean to them.

VMware ESXi Servers: A Major Attack Vector for Ransomware

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.

Multiple Critical Vulnerabilities in VMware vRealize Log Insight

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). Although different vulnerability types, both vulnerabilities could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product which could result in RCE. Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns.

Critical Remote Code Execution Vulnerability in VMware Cloud Foundation NSX-V: CVE-2021-39144

On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older. A threat actor could perform remote code execution in the context of ‘root’ on the appliance due to an unauthenticated endpoint that leverages XStream for input serialization.

Lookout Powers VMware Workspace ONE Mobile Threat Defense (MTD)

Lookout and VMware recently announced the debut of Workspace ONE Mobile Threat Defense (MTD), a new mobile security solution incorporating Lookout mobile protection technologies. Through this partnership with VMware, Lookout Mobile Endpoint Security is built in and can be activated seamlessly within Workspace ONE. This new solution is an extension of past integrations of Lookout with the Workspace ONE Trust Network.

Critical Authentication Bypass Vulnerability in VMware Products - CVE-2022-22972

On Wednesday, May 18, 2022, VMware published an advisory (VMSA-2022-0014) to address multiple vulnerabilities, including CVE-2022-22972, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This vulnerability was assigned a CVSSv3 score of 9.8, making it a critical vulnerability.

Multiple Critical Vulnerabilities Disclosed in VMware Products

On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass. In addition to the critical severity vulnerabilities, VMware disclosed several high and medium severity vulnerabilities, which could lead to Cross Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure.

Introducing Orchestrated Disaster Recovery for VMware Applications and Data

Unplanned downtime and data loss caused by natural disasters and modern cyber threats represent some of the most challenging events facing organizations today. Maintaining capabilities to reduce or eliminate impact in these scenarios is critical to any business continuity plan. Organizational resilience depends upon being able to protect and ensure the recoverability of data and services wherever and whenever disaster strikes.

Be Ready for Anything with VMware Cloud on AWS

If the pandemic, catastrophic wildfires, record-setting hurricane season, and “murder hornets” of 2020 have taught us anything, it’s to be prepared for any situation. In business, the motto is “hope for the best, plan for the worst.” Should some sort of disaster – cyber or otherwise – strike, organizations need to be prepared to maintain business as usual with a strong disaster recovery plan in place.

Rezilion to bring autonomous cloud workload protection to VMware Tanzu Service Mesh

Security never rests. Especially at the speed and scale of cloud workloads. Have you heard that VMware announced our collaboration for bringing self-healing as a service for cloud-native workloads communicating via VMware Tanzu Service Mesh, built on VMware NSX? We’ve been getting a lot of questions on the topic and so consider this a first stab at spelling out what we’re doing with Tanzu Service Mesh. You can expect much more detail in the coming weeks.