Pierluigi Paganini
June 12, 2018
VMware has found a critical remote code execution vulnerability in the AirWatch Agent applications for Android and Windows Mobile. The agent is installed by users on a mobile device in order to allow the AirWatch to manage it. The flaw, tracked as CVE-2018-6968, “may allow for unauthorized creation and execution of files in the Agent sandbox […]
Pierluigi Paganini
March 17, 2018
VMware has addressed a denial-of-service (DoS) vulnerability, tracked as CVE-2018-6957, in its Workstation 12.x and 14.x and Fusion 10.1.1. and 10.x on OS X products. The affected VMware solutions can be attacked by opening a large number of VNC sessions. The DoS vulnerability was discovered by Lilith Wyatt of Cisco Talos, the flaw could be exploited on Workstation […]
Pierluigi Paganini
February 10, 2018
VMware has provided detailed instruction on how to mitigate the Meltdown and Spectre vulnerabilities in several of its products. VMware is releasing patches and workarounds for its Virtual Appliance products affected by the Meltdown and Spectre vulnerabilities. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive […]
Pierluigi Paganini
December 21, 2017
VMware has released security updates to address four vulnerabilities in its ESXi, vCenter Server Appliance (vCSA), Workstation and Fusion products. The flaws were addressed with the release of six patches for ESXi, version 12.5.8 of Workstation, version 8.5.9 of Fusion, and version 6.5 U1d of vCSA. Some of the flaws could be exploited by an attacker […]
Pierluigi Paganini
October 01, 2017
Cisco researchers discovered a malware campaign abusing a legitimate VMware binary to spread a banking Trojan. The threat actor behind the campaign uses multiple methods of re-direction when infecting the victims’ machines in order to remain under the radar, it also implemented a variety of anti-analysis techniques. The malware is written in Delphi, a novelty for […]
Pierluigi Paganini
August 11, 2017
A mysterious company is offering up to $250,000 for virtual machine (VM) hacks. The “secret” bug bounty program was announced by Bugcrowd. A mysterious company makes the headlines for offering up to $250,000 for virtual machine (VM) hacks. The “secret” bug bounty program was announced by the crowdsourced security testing platform Bugcrowd. At the time I was writing the unique […]
Pierluigi Paganini
November 15, 2016
VMware has patched a critical out-of-bounds memory access vulnerability, tracked as CVE-2016-7461, affecting its Workstation and Fusion products. The flaw, that resides in the affects the drag-and-drop function, can be exploited by attackers to execute arbitrary code on the host operating system running Fusion or Workstation. The security vulnerability affects Workstation Player and Pro 12.x, and […]
Pierluigi Paganini
November 12, 2016
At PwnFest 2016, hackers compromised Windows 10’s Microsoft Edge web browser in just 18 seconds and devised the first attack on VMware Workstation 12.5.1. This week, at the PwnFest 2016 contest held at the Power of Community security conference in Seoul, hackers compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first […]
Pierluigi Paganini
June 10, 2016
EMC Data Domain OS and VMware NSX and vRealize are affected by security issues that could be exploited to gain unauthorized access to data. Both EMC and VMware are affected by security issues that could allow unauthorized access to attackers. An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users […]
Pierluigi Paganini
April 15, 2016
VMware issued a security update to fix a critical vulnerability in the VMware Client Integration Plugin, apply it as soon as possible. VMware issued a Security Advisory related to a critical security vulnerability (CVE-2016-2076) in the VMware Client Integration Plugin urging administrators to urgently apply the needed patch. The flaw could be exploited by attackers to […]
