Wednesday, February 20, 2019
WMware

VMware Security Advisory VMSA-2019-0001

Today VMware has released the following new and updated security advisories: VMSA-2019-0001 – https://www.vmware.com/security/advisories/VMSA-2019-0001.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...
WMware

New VMware Security Advisory VMSA-2018-0031

Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due...
WMware

CVE-2018-1002105

Greetings from the VMware Security Response Center! Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here: https://discuss.kubernetes.io/t/kubernetes-security-announcement-v1-10-11-v1-11-5-v1-12-3-released-to-address-cve-2018-1002105/3700 This vulnerability affects the following VMware products: -VMware Pivotal Container...
WMware

New VMware Security Advisory VMSA-2018-0029

On November 20th 2018 VMware released the following new security advisory: VMSA-2018-0029 – vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical, important and moderate severity issues affecting VDP. VDP is based on Dell EMC Avamar Virtual...
WMware

VMware and the Tianfu Cup PWN Contest

We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers...
WMware

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory:   “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
WMware

VMware and the GeekPwn2018 event

VMware is aware of the security vulnerability that was demonstrated at the GeekPwn2018 event. We have been in contact with the organizers of GeekPwn2018 and they have provided us with the details of the issue. We are actively working...
WMware

New VMware Security Advisory VMSA-2018-0026

Today, VMware has released the following new security advisory: VMSA-2018-0026 – VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability The advisory documents the remediation of a Critical severity out-of-bounds read vulnerability (CVE-2018-6974) in VMware ESXi, Workstation, and Fusion....
WMware

New VMSA-2018-0025 and Intel Graphics Driver Unified Shader Compiler Security Updates

Today, VMware has released the following new security advisory: VMSA-2018-0025 – VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability This documents an important severity denial-of-service vulnerability that affects VMware ESXi, Workstation and Fusion. This issue arises due to an...
WMware

VMware Security Advisory: VMSA-2018-0024

Today VMware has released the following new and updated security advisories: VMSA-2018-0024 – https://www.vmware.com/security/advisories/VMSA-2018-0024.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...
WMware

New VMware Security Advisory VMSA-2018-0023

Today VMware has released the following new security advisory: VMSA-2018-0023 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the...
WMware

New VMware Security Advisory VMSA-2018-0022 and Updated Security Advisory VMSA-2018-0019.1

Today, VMware has released the following new and updated security advisories: VMSA-2018-0022 – VMware Workstation and Fusion updates address an out-of-bounds write issueVMSA-2018-0019.1 – Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability VMSA-2018-0022...
WMware

VMware Security Advisory VMSA-2018-0020 and VMSA-2018-0021 – L1 Terminal Fault (L1TF): CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

Greetings from the VMware Security Response Center! Today we have published security advisories, knowledge base articles, updates, patches, and tools in response to new Speculative-Execution vulnerabilities in Intel processors known collectively as ‘L1 Terminal Fault’ or ‘L1TF.’ These vulnerabilities are identified...
WMware

New VMware Security Advisory VMSA-2018-0019 and Updated Security Advisory VMSA-2015-0007.7

Today, VMware has released the following new and updated security advisories: VMSA-2018-0019 – Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerabilityVMSA-2015-0007.7 – VMware vCenter and ESXi updates address critical security issues VMSA-2018-0019 documents the remediation...
WMware

VMware Security Advisory: VMSA-2018-0018

Today VMware has released the following new and updated security advisories: VMSA-2018-0018 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post...

Can you really sniff out gas station card skimmers with your phone?

A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
SecurityWeek

Canada Helping Australia Determine ‘Full Extent’ of Hack

Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election. read more

Researcher: Not Hard for a Hacker to Capsize a Ship at Sea

Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively...
SC Magazine

30 years in: My, how SC and security have changed

1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclev Havel became president of Czechoslavakia,...
SecurityWeek

WinPot ATM Malware Resembles a Slot Machine

A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports.  Dubbed WinPot, the malware was initially detected in March last year, targeting the ATMs of a popular vendor to...