A new and allegedly super secure microkernel was made open source today, a move that could have serious security implications across a number sensitive and increasingly connected fields.
Browsing Category: Virtualization
A vulnerability in NetSupport Manager could yield sensitive configuration settings and lead to compromise.
Hackers were able to compromise a server used by Electronic Arts Games this week and rig one of its websites to resemble an Apple log-in page to dole out phishing attacks.
VMware released patches yesterday to fix a vulnerability that could have led to a privilege escalation in older Windows systems running in virtual environments.
VMware has released a slew of patches that fix vulnerabilities in a number of its products, including vCenter Server, vCenter Server Appliance, vSphere Update Manager, ESX and ESXi. Some of the flaws can lead to authentication bypass or denial of service on affected products. The most serious vulnerability is a bug in vCenter Server 5.0 and[...]
Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched.According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order to tamper with memory allocation in the VMCI code and eventually obtain elevated privileges on Windows-based hosts and guest operating systems.
For the third time this year, VMware ESX source code has been posted online. A hacker known as Stun claiming to be affiliated with Anonymous tweeted a link to a torrent site hosting the stolen VMkernel source code. VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code, dating from 1998-2004, is related to code posted in April and May.
Details of a dangerous virtual machine escape exploit were revealed Wednesday by French research outfit VUPEN Security. The attack exploits a recently reported vulnerability in Xen hypervisors and allows an attacker within a guest virtual machine to escape to the host and execute code.
With the deluge of malware and advanced attacks continuing unabated, security approaches that sandbox applications or isolate processes are garnering increased attention. Researcher Joanna Rutkowska and Invisible Things Lab were the latest to go in that direction with the official release on Tuesday of the Qubes operating system.
The Windows version of the Crisis Trojan is able to sneak onto VMware implementations, making it possibly the first malware to target such virtual machines. It also has found a way to spread to Windows Mobile devices.