Critical vulnerabilities: VMware secures applications against malicious code (UPDATE)

April 28, 2017

Several versions of Horizon View, Unified Access Gateway, and VMware Workstation contain vulnerabilities that have been assigned seven CVE numbers. This emerges from an official security advisory. Anyone using any of these applications should quickly install the patched versions. CERT-Bund, the emergency team of the BSI, classifies the risk posed by the vulnerabilities as "very high". Unauthorized attackers are said to be able not only to paralyze devices via DoS attacks but also to execute malicious code. Exploiting the gaps triggers memory errors (heap buffer overflow, out-of-bounds, integer overflow), and attackers could ultimately compromise entire systems. An overflow can be triggered, for example, using a manipulated JPEG2000 image and TrueType font.

Spotlight

SANS Institute

SANS is the most trusted and by far the largest source for information and cybersecurity training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center.

OTHER ARTICLES

Security concerns hampering adoption of containers and Kubernetes

Article | February 19, 2020

Enterprises are having significant problems with security when it comes to Kubernetes and container deployments, according to a new survey from security company StackRox. In the winter 2020 edition of its State of Container and Kubernetes Security Report, StackRox researchers found that 94% of respondents experienced a security incident in their Kubernetes and container environments during the last 12 months. This very high number of security incidents led to about 44% of organizations delaying or outright halting application deployment into production. Researchers spoke with more than 540 IT professionals, the majority of whom work for tech companies or organizations involved in financial services.


Why America Must win the Race to 5G

Article | March 15, 2020

The United States has entered another technology duel on par with the space race—the race for the 5G network. It will revolutionize digital interconnectivity through enhanced data processing and storage capacity. The Chinese technology giant Huawei is capturing the 5G telecommunications equipment industry worldwide. Huawei promotes contracts covering every aspect of the 5G network from financing to installation. The United States is concerned that the company’s growth amplifies China’s political sway and brings security vulnerabilities. Huawei is subservient to the communist government under Chinese law. Multiple governments have indicted Huawei for espionage, theft, bribery, and corruption. The United States has added to these charges obstruction of justice, fraud, and illicit sales to the rogue regimes of Iran and North Korea. As the West and China haggle over the 5G market, several nations face a telling choice. To meet the 5G challenge, the United States should negotiate trade agreements on end-to-end 5G services, create supply chains for upcoming virtualized 5G networks, support alternate suppliers, and invest in domestic research to dampen Huawei’s expansion.


vSphere 7 – Announcing General Availability of the New Generation of vSphere

Article | April 3, 2020

VMware vSphere 7, the new generation of vSphere, is now generally available. This major new release brings a massive improvement in the work experience of vSphere administrators, folks who are responsible for the security, performance, and resiliency of the infrastructure and applications that provide all the key services to their organizations. The purpose of this major release from vSphere is two-fold. The first is to embed containers and Kubernetes into vSphere, unifying them with virtual machines as first class citizens. This enables all vSphere administrators to become Kubernetes administrators and easily deliver new services to their developers. More on this in part two of this blog post, when vSphere 7 with Kubernetes becomes available as part of VMware Cloud Foundation 4. If you’re interested in vSphere 7 with Kubernetes, please visit the VMware Cloud Foundation blog site to learn more.


Benefits of Kubernetes on bare metal cloud infrastructure

Article | March 3, 2020

Let’s start with a brief recap on cloud native and CNCF – Cloud Native Computing Foundation. With the introduction of 5G, new use cases drive the need for designing applications based on containers and service-based architecture to address some technology gaps associated with virtualization. The most important technology gaps involve smoother software upgrades, automation and the realization of a CI/CD software pipeline to end customers. In the center of cloud native technology development is CNCF, an open source community driving the adoption of the cloud native paradigm across industries by fostering collaboration between the industry’s top developers, end users and vendors. Since CNCF is such a huge community, the focus on the telecom industry has been limited. But now with the formation of the Telecom User Group (A Special Interest Group) within CNCF, Ericsson has taken a leading role in telecom related discussions in the community.

