🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥
✕
Login
Home
News
Messages
Startup Showcase
Trackers
Premium
Premium Content
Jobs
Notifications
Settings
Try our Valuation Calculator →
Log In
News on Medial
Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate
Arstechnica
·
5m ago
Medial
VMware has patched three critical vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. These vulnerabilities allow attackers to escape from a virtual machine to the hypervisor, potentially compromising all VMs on that hypervisor. With severity ratings up to 9.3, these vulnerabilities, already exploited in the wild, pose significant security threats. Organizations using affected products should investigate and secure their environments promptly to mitigate these risks.
View Source
Related News
VMware sandbox escape bugs are so critical, patches are released for end-of-life products
Arstechnica
·
1y ago
Medial
VMware has issued an urgent patch for critical vulnerabilities that could allow hackers to bypass security protections in ESXi, Workstation, Fusion, and Cloud Foundation products. The vulnerabilities, which have severity ratings of 9.3 out of 10, enable a hypervisor escape, compromising the effectiveness of the virtual machine's segmentation from the host machine. VMware is recommending immediate action to address this security issue and has provided a matrix showing how the vulnerabilities affect different product versions. The company has not yet observed any active exploitation of these vulnerabilities.
View Source
VMware sandbox escape bugs are so critical, patches are released for end-of-life products
Arstechnica
·
1y ago
Medial
VMware has issued a warning to customers to promptly patch critical vulnerabilities in its ESXi, Workstation, Fusion, and Cloud Foundation products. The vulnerabilities, including two with high severity ratings, expose a gap in the virtual machine sandbox protection, allowing hackers to escape and access sensitive data. VMware has classified the situation as an emergency change requiring immediate action. The company has provided detailed instructions on mitigating the risks, including removing USB controllers as a temporary solution. Although there is no evidence of active exploitation, VMware urges customers to ensure their systems are up to date.
View Source
How APT groups ramped up in 2023
Techradar
·
1y ago
Medial
The article discusses the increasing threat posed by Advanced Persistent Threat (APT) groups in 2023. It highlights that APTs are utilizing various attack techniques, including exploiting vulnerabilities in public-facing applications and spear phishing with attachments. The motivations behind these attacks range from cyber warfare and espionage to financial gain. The article emphasizes the importance of strengthening cybersecurity measures by focusing on vulnerability management, implementing multi-factor authentication, and prioritizing network-edge device security. It concludes by urging organizations to stay proactive and informed to mitigate the impact of APT groups.
View Source
VMware reveals patches for a host of security flaws, so update now
Techradar
·
1y ago
Medial
VMware has released patches for four high-severity vulnerabilities affecting its ESXi, Workstation, and Fusion products. The flaws include use-after-free vulnerabilities in the XHCI USB controller, an out-of-bounds write flaw in ESXi, and an information disclosure vulnerability in UHCI USB controller. Exploitation of these vulnerabilities could lead to remote code execution. VMware advises users to update their products to the recommended versions or remove USB controllers from virtual machines as a temporary workaround.
View Source
Singapore facing 'serious' cyberattack, says minister - The Economic Times
Economic Times
·
20d ago
Medial
Singapore is facing a serious cyberattack on its critical infrastructure, allegedly by the UNC3886 espionage group linked to China. This Advanced Persistent Threat (APT) could disrupt essential services and negatively impact the economy. Coordinating Minister for National Security K. Shanmugam highlighted the significant risks posed by this ongoing threat. China's embassy in Singapore has denied any connection to the attack. The incident underscores the increasing challenges posed by sophisticated cyber attackers.
View Source
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Arstechnica
·
1y ago
Medial
Multiple zero-day vulnerabilities have been identified in Ivanti Connect Secure, a widely used virtual private network (VPN) appliance, allowing threat actors to bypass two-factor authentication and execute malicious code within targeted networks. Tracked as CVE-2023-846805 and CVE-2024-21887, these vulnerabilities have been actively exploited by unidentified threat actors. The compromised appliance was used to steal configuration data, modify files, download remote files, and gain unauthorized access to internal systems. Researchers suspect that a Chinese nation-state-level threat actor is behind the attacks. Mitigation measures are advised, as there is potential for widespread exploitation if the vulnerabilities are not addressed promptly.
View Source
Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack
TechCrunch
·
1y ago
Medial
Security researchers have discovered two vulnerabilities in ConnectWise ScreenConnect, a popular remote-access tool used by over a million companies. Hackers are mass exploiting these flaws to deploy ransomware and steal sensitive data. The vulnerabilities include an authentication bypass issue and a path-traversal vulnerability allowing attackers to remotely plant malicious code. Although ConnectWise disclosed the flaws and urged customers to install patches, thousands of servers remain vulnerable. Cybersecurity firms have observed various threat actors exploiting the flaws, deploying password stealers, back doors, and ransomware. The scope of the vulnerabilities' impact is currently unknown.
View Source
Company claims 1,000 percent price hike drove it from VMware to open source rival
Arstechnica
·
7m ago
Medial
UK-based cloud operator, Beeks Group, has migrated most of its 20,000+ virtual machines (VMs) from VMware to the open-source cloud platform, OpenNebula. The move was motivated by a significant increase in VMware costs following Broadcom's takeover. By switching to OpenNebula, Beeks has experienced a 200% increase in VM efficiency and has been able to allocate more of its bare metal server fleet to client loads. The decision to migrate was also influenced by the perception that VMware is non-essential and a decline in VMware support services and innovation.
View Source
A long, costly road ahead for customers abandoning Broadcom’s VMware
Arstechnica
·
6m ago
Medial
The acquisition of VMware by Broadcom has led to dissatisfaction among its clients due to rising costs and complex service changes. Many companies are contemplating reducing or ending their association with VMware. The price increases are attributed to Broadcom's bundling tactics, and technical support has become inadequate. Migrating from VMware is a challenging and costly process, causing hesitancy among users. Despite some potential pricing relief, the overall scenario presents a tough choice for VMware customers.
View Source
Former Binary and HackerOne Employee Launches Web3 AI-Based Security Platform
VCCircle
·
1y ago
Medial
Credshields, a startup founded by cybersecurity experts Shashank and Indranil, aims to address the security challenges faced by the growing Web3 space. They offer automated security tools such as SolidityScan, which detects vulnerabilities in smart contracts, and Quickscan, a fast threat report generator. Credshields has been instrumental in detecting vulnerabilities in high-profile attacks, underscoring the importance of robust security in the Web3 market. The company is working to streamline integration within the software development lifecycle and collaborate with developers and industry leaders to shape the future of Web3 security.
View Source
Trackers
Active Indian VC’s
OG Capital
Email
With a hands-on approach, OG Capital aims to invest in over 20 promising...
Accel Partners
Email
Early and growth-stage investments in disruptive technology companies with...
Blume
Email
Early-stage venture capital firm investing in technology startups in India. Focus on...
Access All Trackers
Startup Showcase Winners
June 2025
Buddy
Helping your parents when you are miles away
BiteStop
The Pit Stop Your Cravings Deserve
Bloomer
The next generation E-commerce platform
Enter Ongoing Startup Showcase
Top Users
Trending News on Medial
Download the medial app to read full posts, comements and news.
Go to Medial App
Not Now
Know everything that’s happening in the startup ecosystem, first.
Enable Notifications?
No, thanks
Count me in