Thursday, July 19, 2018

New VMware Security Advisory VMSA-2018-0017

Today, VMware has released the following new security advisory: “VMSA-2018-0017 – VMware Tools update addresses an out-of-bounds read vulnerability” This documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6969) in VMware Tools. Successful exploitation of this issue may lead...

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

Today VMware has released the following new and updated security advisories: VMSA-2018-0016 – VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities; VMSA-2018-0012.1 – VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store; VMSA-2018-0011.1 – Unauthenticated Command...

VMSA-2018-0015

Today VMware has released the following new and updated security advisories: VMSA-2018-0015 – https://www.vmware.com/security/advisories/VMSA-2018-0015.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware...

New VMware Security Advisory VMSA-2018-0014

Today VMware has released the following new security advisory: “VMSA-2018-0014 – VMware Horizon Client update addresses a privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6964) in VMware Horizon Client for Linux. Successful exploitation of...

New VMware Security Advisory VMSA-2018-0013

Today, VMware has released the following new security advisory: “VMSA-2018-0013 – VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities” This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963)...

VMSA-2018-0012

Greetings from the VMware Security Response Center! Today we released VMSA-2018-0012 which documents Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass). In addition CVE-2018-3640 (Rogue System Register Read) was also disclosed today. We thought a few points and a documentation summary...

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

Greetings from the VMware Response Center! Today we wanted to make you aware that NVIDIA has released a security bulletin entitled NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities which details some NVIDIA GPU Display Driver Vulnerabilities and remediation. CVE-2018-6251...

New VMware Security Advisory VMSA-2018-0010

Today VMware has released the following new security advisory: “VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue” This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor...

New VMware Security Advisory VMSA-2018-0009

Today VMware has released the following new security advisory: VMSA-2018-0009 – vRealize Automation (vRA) updates address multiple security issues. This documents the remediation of Important and Moderate severity issues (CVE-2018-6958 and CVE-2018-6959). Issue (a) CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation...

VMSA-2018-0004.3

Greetings from the VMware Security Response Center! It’s time. Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2). We thought it would be a good idea to quickly link all of the documentation which has undergone a major change....

New VMware Security Advisory VMSA-2018-0008

Today, VMware has released the following new security advisory: “VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability” This documents the remediation of an Important severity denial-of-service vulnerability (CVE-2018-6957) affecting VMware Workstation and Fusion. This issue can be triggered by...

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

I’d like to apologize for the previous blog post, this was an old draft that was later revised. The following is the message we intended to send: Greetings from the VMware Security Response Center! We thought we should post an explanation...

VMware Security Advisory VMSA-2018-0007

Today VMware has released the following new and updated security advisories: VMSA-2018-0007 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post...

VMware Security Advisory VMSA-2018-0006

Today VMware has released the following new and updated security advisories: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities Please sign up to the Security-Announce mailing list to receive new and updated VMware Security...

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.