VIRTUAL DESKTOP TOOLS,SERVER VIRTUALIZATION,SERVER HYPERVISORS
Fortinet | December 14, 2022
Fortinet issued an advisory Monday detailing the heap-based buffer overflow flaw, tracked as CVE-2022-42475, affecting multiple versions of its FortiOS SSL-VPN. Ranked a 9.3 on the common vulnerability scoring system, Fortinet warned the critical flaw could allow a remote unauthenticated attacker to execute arbitrary code.
"Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise," Fortinet wrote in the advisory.
Patches are available, and Fortinet recommended upgrading to the latest versions as well as the unaffected earlier version of FortiOS. In an email to TechTarget Editorial, Fortinet said it also continues to monitor the situation.
While the company's Product Security Incident Response team made the advisory publicly available Monday, it was not the first notification on the critical flaw. Olympe Cyberdefense, a France-based cyber threat intelligence vendor, released an alert Friday citing that a "new critical flaw, not yet made public" affected Fortinet SSL-VPN.
The alert, which was first reported Monday by TechTarget sister publication Le Mag IT, warned the zero-day vulnerability was easy to exploit and that attackers could gain full control of intended devices. Additionally, Olympe Cyberdefense recommended disabling VPN-SSL functionality if it's not essential.
Olympe updated its alert once Fortinet confirmed the vulnerability and urged customers to patch.
In a statement sent to TechTarget Editorial, Claire Tills, senior researcher engineer at Tenable, noted the time gap between the Olympe's initial disclosure and Fortinet's advisory. "Three days after its initial public disclosure, Fortinet patched CVE-2022-42475 and confirmed it has been exploited in the wild," Tills said.
"Fortinet SSL-VPNs have been a major target for years now -- to the extent that the FBI and CISA issued a dedicated advisory to these flaws and their exploitation in 2021. Nation state actors are still known to exploit those legacy vulnerabilities in Fortinet SSL-VPNs. Given that this new vulnerability has already been exploited, organizations should patch CVE-2022-42475 immediately before it joins the ranks of other legacy VPN flaws."
Attacks targeting VPNs have been on the rise, with multiple government warnings since 2020 when remote work increased amid the COVID-19 pandemic. In October, FortiOS faced another critical vulnerability that allowed attackers to bypass authentication and was exploited in the wild. Like Monday's advisory, Fortinet was not the first to publicly disclose the flaw.
Read More
SERVER VIRTUALIZATION
VMware | November 09, 2022
VMware Explore 2022 Europe—For more than two decades, Hewlett Packard Enterprise (NYSE: HPE) and VMware, Inc. (NYSE: VMW) have been at the leading-edge of driving digital transformations, working with more than 200,000 mutual customers. Today at VMware Explore 2022 Europe, the companies announced the next phase of this partnership with HPE GreenLake for VMware, bringing together HPE GreenLake and VMware Cloud to deliver a fully integrated solution with a simple pay-as-you-go hybrid cloud consumption model.
“Today’s announcement with VMware represents the next step in the expanding partner ecosystem of HPE GreenLake, which offers a differentiated edge-to-cloud solution that resonates with customers and partners,” said Antonio Neri, president and chief executive officer, HPE. “Together, HPE and VMware will give organizations greater choice and flexibility with a fully integrated hybrid cloud offering designed to accelerate innovation and data first modernization.”
“Organizations are looking to evolve from a state of cloud chaos where cost and complexity reign, to a more cloud smart approach, VMware Cloud is the trusted platform for enterprise workloads on private and public clouds that gives customers the flexibility and choice to become cloud smart. VMware and HPE will enable customers to combine VMware’s state-of-the-art multi-cloud software with HPE GreenLake’s cloud operating model and consumption economics to support any workload on a modern hybrid cloud.”
Raghu Raghuram, chief executive officer at VMware
Modern Hybrid Cloud Made Fast and Simple
Many organizations today seek the simplicity of a turnkey hybrid cloud that integrates leading software, infrastructure, and services from the vendors of their choice, all delivered from a single strategic partner as a cloud service. This approach accelerates deployment and simplifies operational complexity to enable customers to quickly deploy their hybrid cloud.
HPE GreenLake for VMware will provide customers with a fully integrated and modern hybrid cloud experience. Customers will benefit from a true cloud experience coupled with the benefit of purchasing only the amount of infrastructure they require through a pay-as-you-go cloud consumption model. Customers will also have the flexibility to determine the best environment for operating their hybrid cloud. VMware Cloud can be fully integrated across the HPE GreenLake portfolio including HPE GreenLake for Private Cloud Enterprise and customers will be able to deploy on-premises, in colocation facilities or at the edge, all managed by HPE GreenLake.
The HPE GreenLake edge-to-cloud platform provides customers and partners with a unified experience, and easy access to more than 70 cloud services. Today, HPE GreenLake supports more than 120,000 users, powers more than two million connected devices, and manages more than one exabyte of data with customers worldwide. Among the top 100 HPE customers, nearly 80 percent have already adopted the HPE GreenLake platform. Organizations benefit from one platform from which to automate, orchestrate, and run their hybrid cloud strategy.
VMware Cloud delivers a modern multi-cloud infrastructure on any cloud, with built-in Kubernetes, integrated security and the best possible TCO. VMware Cloud makes modern application development and deployment faster, easier, and less expensive by making Kubernetes part of the core infrastructure platform. VMware Cloud is more secure by design, enabling micro-segmentation to stop modern lateral threats that move within and across cloud and data center environments. HPE GreenLake customers will be able to extend VMware Cloud environments to a variety of colocation and edge environments, bringing cloud capacity to the places where distributed applications need it most.
Hybrid Cloud Delivered by Trusted Leaders in Enterprise Innovation
With a history of co-engineered solutions, customers can be confident deploying an enterprise hybrid cloud designed, managed, and supported by HPE and VMware. HPE and VMware share the industry’s largest virtualized server footprint, and collectively have more than 100,000+ global partners and 25,000+ solution experts. As joint collaboration partners within the expanding HPE GreenLake ecosystem, HPE and VMware will continue to accelerate the pace of co-innovation, such as industry-first support for VMware vSphere on DPUs.
Availability
HPE GreenLake for VMware is expected to be available in the first half of calendar year 2023.
About Hewlett Packard Enterprise
Hewlett Packard Enterprise is the global edge-to-cloud company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open, and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High Performance Computing & AI, Intelligent Edge, Software, and Storage, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance. For more information, visit: www.hpe.com.
About VMware
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
Read More
VIRTUAL DESKTOP TOOLS
StorMagic | November 16, 2022
StorMagic, solving the world’s edge data problems, today announced that StorMagic SvSAN has been validated with Hewlett Packard Enterprise (HPE) ProLiant MicroServer Gen10 Plus platform. The combination of HPE’s most compact ProLiant server and StorMagic’s hyperconverged software brings simplicity of management and 100 percent uptime to any application, even in the smallest edge locations.
“The HPE ProLiant MicroServer Gen10 Plus server delivers a powerful platform in a tiny form factor that is perfect for customers looking to save space at small sites,” said Maciek Szczesniak, Vice President and General Manager of SMB & Mid-Market at HPE. “StorMagic SvSAN on HPE servers delivers a robust, powerful all-in-one architecture for edge computing environments, with no server rack required. Solutions like this will help us deliver on our SMB strategy to deliver simplified offerings to fuel business growth.”
StorMagic SvSAN runs on any hypervisor as a guest virtual machine to enable complete, highly-available shared storage and virtualization with only two MicroServer servers per site. Its shared storage executes active-active synchronous mirroring to create a copy of data on both servers, eliminating downtime. HPE ProLiant MicroServer is easy to install, scale and manage. The solution delivers the reliability demanded by edge computing customers, has low power requirements and provides users with key features like high availability clustering, rolling software upgrades and data security, all in a compact unit.
“StorMagic is thrilled to further expand its partnership with HPE through the validation of their most compact ProLiant server ever, Our joint customers will benefit from this footprint reduction at their small sites as well as the 100 percent uptime delivered by SvSAN.”
Brian Grainger, president of StorMagic Inc. and CRO, StorMagic
StorMagic is an active member of the HPE Complete Partner Program and the HPE Partner Ready for Technology Partner Program. HPE ProLiant MicroServer and HPE Edgeline systems validated with SvSAN are available today from HPE or StorMagic’s global network of reseller partners.
About StorMagic
StorMagic is solving the world’s edge data problems. We help organizations store, protect and use their data at and from the edge. StorMagic’s Forever Data solutions ensure data is always protected and available, no matter the type or location, to provide value anytime, anywhere. StorMagic’s storage, surveillance and security products are flexible, robust, easy to use and cost-effective, without sacrificing enterprise-class features, for organizations with one to thousands of sites.
Read More