Pentera Finds Two Zero-Day Vulnerabilities in VMware vCenter, Exposing More Than 500,000 Companies Globally

Pentera, the leader in Automated Security Validation (ASV), today announced its Pentera Labs team discovered two zero-day vulnerabilities. If exploited by threat actors, the critical attack path may result in the ability to disable, disrupt and destroy VMware vCenter managed environments in over 500,000 organizations globally.

The vulnerabilities were reported to VMware by Senior Security Researcher Yuval Lazar and released under CVE-2022-22948 and CVE-2021-22015 with a patch. Pentera Labs’ technical review of the vulnerabilities can be found here. Discovered vulnerabilities require immediate patching to prevent malicious actors from achieving remote access to vCenter and inflicting widespread damage on organizations.

Installed in thousands of organizations worldwide and managing some of their most critical assets and core systems, VMware vCenter Servers are a high-priority target for cybercriminals. Once compromised, the ease and convenience that vCenter offers for managing virtualized hosts in enterprise environments will play into the adversary’s hands, providing centralized access and widespread impact.

“As part of our daily work, we research the entire enterprise IT attack surfaces, including the exploitability of virtual workload environments such as vCenter and ESXi and discovered zero-day vulnerabilities,” said Alex Spivakovsky, VP of Research at Pentera. “We’re glad to have discovered and immediately disclosed these vulnerabilities to strengthen the defender community and have not seen evidence that malicious actors exploited it at this time.”

Pentera’s interest in VMware’s vCenter started because of previously reported vulnerabilities, increasing demand from customers and threats observed in the wild, most notably recent reports of a Python ransomware strain targeting ESXi. The team will continue to identify potential vulnerabilities within the platform that could affect businesses globally.

“Security readiness is not determined by a single vulnerability or the security team’s ability to discover and patch it. Our award-winning security validation platform autonomously emulates the entire cyberattack kill chain and provides peace of mind for security leaders facing a multitude of internal and external attacks.”

Pentera co-founder and CTO, Dr. Arik Liberzon


About Pentera
Pentera is the category leader for Automated Security Validation, allowing every organization to easily test the integrity of all cybersecurity layers, unfolding accurate, current security exposures at any moment, at any scale. Thousands of security professionals and service providers worldwide use Pentera to guide remediation and close security gaps before they are exploited.
