Tuesday, September 25, 2018
WMware

New VMware Security Advisory VMSA-2018-0023

Today VMware has released the following new security advisory: VMSA-2018-0023 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the...
WMware

New VMware Security Advisory VMSA-2018-0022 and Updated Security Advisory VMSA-2018-0019.1

Today, VMware has released the following new and updated security advisories: VMSA-2018-0022 – VMware Workstation and Fusion updates address an out-of-bounds write issueVMSA-2018-0019.1 – Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability VMSA-2018-0022...
WMware

VMware Security Advisory VMSA-2018-0020 and VMSA-2018-0021 – L1 Terminal Fault (L1TF): CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

Greetings from the VMware Security Response Center! Today we have published security advisories, knowledge base articles, updates, patches, and tools in response to new Speculative-Execution vulnerabilities in Intel processors known collectively as ‘L1 Terminal Fault’ or ‘L1TF.’ These vulnerabilities are identified...
WMware

New VMware Security Advisory VMSA-2018-0019 and Updated Security Advisory VMSA-2015-0007.7

Today, VMware has released the following new and updated security advisories: VMSA-2018-0019 – Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerabilityVMSA-2015-0007.7 – VMware vCenter and ESXi updates address critical security issues VMSA-2018-0019 documents the remediation...
WMware

VMware Security Advisory: VMSA-2018-0018

Today VMware has released the following new and updated security advisories: VMSA-2018-0018 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post...
WMware

New VMware Security Advisory VMSA-2018-0017

Today, VMware has released the following new security advisory: “VMSA-2018-0017 – VMware Tools update addresses an out-of-bounds read vulnerability” This documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6969) in VMware Tools. Successful exploitation of this issue may lead...
WMware

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

Today VMware has released the following new and updated security advisories: VMSA-2018-0016 – VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities.VMSA-2018-0012.1 – VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative StoreVMSA-2018-0011.1 – Unauthenticated Command...
WMware

VMSA-2018-0015

Today VMware has released the following new and updated security advisories: VMSA-2018-0015 – https://www.vmware.com/security/advisories/VMSA-2018-0015.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...
WMware

New VMware Security Advisory VMSA-2018-0014

Today VMware has released the following new security advisory: “VMSA-2018-0014 – VMware Horizon Client update addresses a privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6964) in VMware Horizon Client for Linux. Successful exploitation of...
WMware

New VMware Security Advisory VMSA-2018-0013

Today, VMware has released the following new security advisory: “VMSA-2018-0013 – VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities” This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963)...
WMware

VMSA-2018-0012

Greetings from the VMware Security Response Center! Today we released VMSA-2018-0012 which documents Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass). In addition CVE-2018-3640 (Rogue System Register Read) was also disclosed today. We thought a few points and a documentation summary...
WMware

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

Greetings from the VMware Response Center! Today we wanted to make you aware that NVIDIA has released a security bulletin entitled NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities which details some NVIDIA GPU Display Driver Vulnerabilities and remediation. CVE-2018-6251...
WMware

New VMware Security Advisory VMSA-2018-0010

Today VMware has released the following new security advisory: “VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue” This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor...
WMware

New VMware Security Advisory VMSA-2018-0009

Today VMware has released the following new security advisory: VMSA-2018-0009  – vRealize Automation (vRA) updates address multiple security issues This documents the remediation of Important and Moderate severity issues (CVE-2018-6958  and CVE-2018-6959). Issue (a)  CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation...
WMware

VMSA-2018-0004.3

Greetings from the VMware Security Response Center! It’s time. Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2). We thought it would be a good idea to quickly link all of the documentation which has undergone a major change....

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...