Tuesday, May 21, 2019
WMware

New VMware Security Advisory VMSA-2019-0006

Today, VMware has released the following new security advisory: VMSA-2019-0006 – VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities This advisory documents Important Severity issues. Issue (a) VMware ESXi, Workstation and Fusion updates address an out-of-bounds vulnerability (CVE-2019-5516) with...
WMware

New VMware Security Advisories VMSA-2019-0004 & VMSA-2019-0005

Today, VMware has released the following new security advisories: VMSA-2019-0004: VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability This advisory documents a Critical severity Remote Session Hijack vulnerability (CVE-2019-5523) in the Tenant and Provider Portals. Successful exploitation of...
WMware

VMware and Pwn2Own Vancouver 2019

We wanted to post a quick acknowledgement that VMware will have representatives in attendance at Pwn2Own Vancouver 2019 to review any vulnerabilities that may be demonstrated during the security contest. Stay tuned for further updates. As always please sign up...
WMware

New VMware Security Advisories VMSA-2019-0002 & VMSA-2019-0003

VMware has released the following new security advisories: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues. This documents important severity elevation of privilege issues. Issue (a) (CVE-2019-5511). Workstation does not handle paths appropriately. Successful exploitation of this issue may allow...
WMware

VMware Security Advisory VMSA-2019-0001

Today VMware has released the following new and updated security advisories: VMSA-2019-0001 – https://www.vmware.com/security/advisories/VMSA-2019-0001.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...
WMware

New VMware Security Advisory VMSA-2018-0031

Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due...
WMware

CVE-2018-1002105

Greetings from the VMware Security Response Center! Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here: https://discuss.kubernetes.io/t/kubernetes-security-announcement-v1-10-11-v1-11-5-v1-12-3-released-to-address-cve-2018-1002105/3700 This vulnerability affects the following VMware products: -VMware Pivotal Container...
WMware

New VMware Security Advisory VMSA-2018-0029

On November 20th 2018 VMware released the following new security advisory: VMSA-2018-0029 – vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical, important and moderate severity issues affecting VDP. VDP is based on Dell EMC Avamar Virtual...
WMware

VMware and the Tianfu Cup PWN Contest

We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers...
WMware

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory:   “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
WMware

VMware and the GeekPwn2018 event

VMware is aware of the security vulnerability that was demonstrated at the GeekPwn2018 event. We have been in contact with the organizers of GeekPwn2018 and they have provided us with the details of the issue. We are actively working...
WMware

New VMware Security Advisory VMSA-2018-0026

Today, VMware has released the following new security advisory: VMSA-2018-0026 – VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability The advisory documents the remediation of a Critical severity out-of-bounds read vulnerability (CVE-2018-6974) in VMware ESXi, Workstation, and Fusion....
WMware

New VMSA-2018-0025 and Intel Graphics Driver Unified Shader Compiler Security Updates

Today, VMware has released the following new security advisory: VMSA-2018-0025 – VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability This documents an important severity denial-of-service vulnerability that affects VMware ESXi, Workstation and Fusion. This issue arises due to an...
WMware

VMware Security Advisory: VMSA-2018-0024

Today VMware has released the following new and updated security advisories: VMSA-2018-0024 – https://www.vmware.com/security/advisories/VMSA-2018-0024.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...
WMware

New VMware Security Advisory VMSA-2018-0023

Today VMware has released the following new security advisory: VMSA-2018-0023 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the...
Bruce Schneier

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all...

DDoS Attacks on the Rise After Long Period of Decline

DDoS Attacks on the Rise After Long Period of DeclineThe number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab. The global cybersecurity company’s findings, detailed...
SecurityWeek

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum. read more
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...