Cloud Security, Cloud Security

VMWare patches severe security flaws in ESXi, Workstation and Fusion

VMWare said it has released a critical security update resolving vulnerabilities that were discovered in the company's Workstation, Fusion and ESXi offerings and which could allow threat actors to access workloads within their targets' virtual environments, Threatpost reports. The company noted that while the five security flaws range in ratings on the CVSS vulnerability-severity scale from 5.3 to 8.4 out of 10, or "important” to "moderate” in severity, threat actors could potentially join these together to produce worse outcomes. "Combining these issues may result in higher severity, hence the severity of this [advisory] is at severity level critical,” VMWare said. The company noted in its advisory that while patching Workstation, Fusion and ESXi is the fastest way to address the flaws, users could also opt for a workaround in which they remove USB controllers from their virtual machines. However, it notes that this option "may be infeasible at scale…and does not eliminate the potential threat like patching does,” the company said in its advisory.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.