Shadowserver has observed over 20,000 internet-accessible VMware ESXi instances impacted by an exploited vulnerability.
The post Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances appeared first on SecurityWeek.
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw
VMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw.
The post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw appeared first on SecurityWeek.
VMware Patches Critical SQL-Injection Flaw in Aria Automation
VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.
The post VMware Patches Critical SQL-Injection Flaw in Aria Automation appeared first on SecurityWeek.
Critical Code Execution Vulnerabilities Patched in VMware vCenter Server
Serious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server.
The post Critical Code Execution Vulnerabilities Patched in VMware vCenter Server appeared first on SecurityWeek.
VMware Abused in Recent MITRE Hack for Persistence, Evasion
MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack.
The post VMware Abused in Recent MITRE Hack for Persistence, Evasion appeared first on SecurityWeek.
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
VMware has patched three vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
The post VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 appeared first on SecurityWeek.
VMware Patches Critical ESXi Sandbox Escape Flaws
The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host.
The post VMware Patches Critical ESXi Sandbox Escape Flaws appeared first on SecurityWeek.
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021
CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half.
The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek.
VMware vCenter Server Vulnerability Exploited in Wild
VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.
The post VMware vCenter Server Vulnerability Exploited in Wild appeared first on SecurityWeek.
VMware Urges Customers to Patch Critical Aria Automation Vulnerability
Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows.
The post VMware Urges Customers to Patch Critical Aria Automation Vulnerability appeared first on SecurityWeek.
