🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate

Arstechnica

Arstechnica · 5m ago

Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate

VMware has patched three critical vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. These vulnerabilities allow attackers to escape from a virtual machine to the hypervisor, potentially compromising all VMs on that hypervisor. With severity ratings up to 9.3, these vulnerabilities, already exploited in the wild, pose significant security threats. Organizations using affected products should investigate and secure their environments promptly to mitigate these risks.

Related News

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

Arstechnica

Arstechnica · 1y ago

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

VMware has issued an urgent patch for critical vulnerabilities that could allow hackers to bypass security protections in ESXi, Workstation, Fusion, and Cloud Foundation products. The vulnerabilities, which have severity ratings of 9.3 out of 10, enable a hypervisor escape, compromising the effectiveness of the virtual machine's segmentation from the host machine. VMware is recommending immediate action to address this security issue and has provided a matrix showing how the vulnerabilities affect different product versions. The company has not yet observed any active exploitation of these vulnerabilities.

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

Arstechnica

Arstechnica · 1y ago

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

VMware has issued a warning to customers to promptly patch critical vulnerabilities in its ESXi, Workstation, Fusion, and Cloud Foundation products. The vulnerabilities, including two with high severity ratings, expose a gap in the virtual machine sandbox protection, allowing hackers to escape and access sensitive data. VMware has classified the situation as an emergency change requiring immediate action. The company has provided detailed instructions on mitigating the risks, including removing USB controllers as a temporary solution. Although there is no evidence of active exploitation, VMware urges customers to ensure their systems are up to date.

How APT groups ramped up in 2023

Techradar

Techradar · 1y ago

How APT groups ramped up in 2023

The article discusses the increasing threat posed by Advanced Persistent Threat (APT) groups in 2023. It highlights that APTs are utilizing various attack techniques, including exploiting vulnerabilities in public-facing applications and spear phishing with attachments. The motivations behind these attacks range from cyber warfare and espionage to financial gain. The article emphasizes the importance of strengthening cybersecurity measures by focusing on vulnerability management, implementing multi-factor authentication, and prioritizing network-edge device security. It concludes by urging organizations to stay proactive and informed to mitigate the impact of APT groups.

VMware reveals patches for a host of security flaws, so update now

Techradar

Techradar · 1y ago

VMware reveals patches for a host of security flaws, so update now

VMware has released patches for four high-severity vulnerabilities affecting its ESXi, Workstation, and Fusion products. The flaws include use-after-free vulnerabilities in the XHCI USB controller, an out-of-bounds write flaw in ESXi, and an information disclosure vulnerability in UHCI USB controller. Exploitation of these vulnerabilities could lead to remote code execution. VMware advises users to update their products to the recommended versions or remove USB controllers from virtual machines as a temporary workaround.

Singapore facing 'serious' cyberattack, says minister - The Economic Times

Economic Times

Economic Times · 20d ago

Singapore facing 'serious' cyberattack, says minister - The Economic Times

Singapore is facing a serious cyberattack on its critical infrastructure, allegedly by the UNC3886 espionage group linked to China. This Advanced Persistent Threat (APT) could disrupt essential services and negatively impact the economy. Coordinating Minister for National Security K. Shanmugam highlighted the significant risks posed by this ongoing threat. China's embassy in Singapore has denied any connection to the attack. The incident underscores the increasing challenges posed by sophisticated cyber attackers.

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Arstechnica

Arstechnica · 1y ago

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Multiple zero-day vulnerabilities have been identified in Ivanti Connect Secure, a widely used virtual private network (VPN) appliance, allowing threat actors to bypass two-factor authentication and execute malicious code within targeted networks. Tracked as CVE-2023-846805 and CVE-2024-21887, these vulnerabilities have been actively exploited by unidentified threat actors. The compromised appliance was used to steal configuration data, modify files, download remote files, and gain unauthorized access to internal systems. Researchers suspect that a Chinese nation-state-level threat actor is behind the attacks. Mitigation measures are advised, as there is potential for widespread exploitation if the vulnerabilities are not addressed promptly.

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

TechCrunch · 1y ago

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers have discovered two vulnerabilities in ConnectWise ScreenConnect, a popular remote-access tool used by over a million companies. Hackers are mass exploiting these flaws to deploy ransomware and steal sensitive data. The vulnerabilities include an authentication bypass issue and a path-traversal vulnerability allowing attackers to remotely plant malicious code. Although ConnectWise disclosed the flaws and urged customers to install patches, thousands of servers remain vulnerable. Cybersecurity firms have observed various threat actors exploiting the flaws, deploying password stealers, back doors, and ransomware. The scope of the vulnerabilities' impact is currently unknown.

Company claims 1,000 percent price hike drove it from VMware to open source rival

Arstechnica

Arstechnica · 7m ago

Company claims 1,000 percent price hike drove it from VMware to open source rival

UK-based cloud operator, Beeks Group, has migrated most of its 20,000+ virtual machines (VMs) from VMware to the open-source cloud platform, OpenNebula. The move was motivated by a significant increase in VMware costs following Broadcom's takeover. By switching to OpenNebula, Beeks has experienced a 200% increase in VM efficiency and has been able to allocate more of its bare metal server fleet to client loads. The decision to migrate was also influenced by the perception that VMware is non-essential and a decline in VMware support services and innovation.

A long, costly road ahead for customers abandoning Broadcom’s VMware

Arstechnica

Arstechnica · 6m ago

A long, costly road ahead for customers abandoning Broadcom’s VMware

The acquisition of VMware by Broadcom has led to dissatisfaction among its clients due to rising costs and complex service changes. Many companies are contemplating reducing or ending their association with VMware. The price increases are attributed to Broadcom's bundling tactics, and technical support has become inadequate. Migrating from VMware is a challenging and costly process, causing hesitancy among users. Despite some potential pricing relief, the overall scenario presents a tough choice for VMware customers.

Former Binary and HackerOne Employee Launches Web3 AI-Based Security Platform

VCCircle

VCCircle · 1y ago

Former Binary and HackerOne Employee Launches Web3 AI-Based Security Platform

Credshields, a startup founded by cybersecurity experts Shashank and Indranil, aims to address the security challenges faced by the growing Web3 space. They offer automated security tools such as SolidityScan, which detects vulnerabilities in smart contracts, and Quickscan, a fast threat report generator. Credshields has been instrumental in detecting vulnerabilities in high-profile attacks, underscoring the importance of robust security in the Web3 market. The company is working to streamline integration within the software development lifecycle and collaborate with developers and industry leaders to shape the future of Web3 security.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.