Home > News > featured news > VMware issues 10.0 CVSS rating on vCenter Server vulnerability

VMware issues 10.0 CVSS rating on vCenter Server vulnerability

scmagazine | April 13, 2020

VMWare issued a warning and patch for a vulnerability in its VMware vCenter Server that maxed out the CVSS rating system by garnering a 10.0. The issue, CVE-2020-3952, centers on the vmdir that ships with VMWare vCenter Server as it does not properly implement access controls. To exploit this vulnerability a malicious actor would have to have network access to an affected vmdir deployment giving them the ability to extract highly sensitive information which then could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication. Satnam Narang, principal research engineer at Tenable, pointed out that VMWare listed only a limited set of vCenter Servers affected by this flaw, specifically version 6.7 upgraded from version 6.0 and 6.5. Narang also suggested that by giving the flaw a 10.0 CVSS score VMWare likely believes it is easy to exploit.

Spotlight

VMware SD-WAN Edge platform specifications

VMware SD-WAN™, a fundamental component of VMware SASE™ (Secure Access Service Edge), offers converged cloud networking and security services to achieve flexibility, agility, and scale for enterprises of all sizes. VMware SD-WAN is built on software-defined networking principles to address end-to-end automation, application continuity, branch transformation, and security from the edge to the data center and the cloud

More featured news

Spotlight

VMware SD-WAN Edge platform specifications

VMware SD-WAN™, a fundamental component of VMware SASE™ (Secure Access Service Edge), offers converged cloud networking and security services to achieve flexibility, agility, and scale for enterprises of all sizes. VMware SD-WAN is built on software-defined networking principles to address end-to-end automation, application continuity, branch transformation, and security from the edge to the data center and the cloud

Related News

Virtual Desktop Tools, Virtual Server Infrastructure

MacStadium Secures Two Patents to Further Expand Innovation Across Apple Enterprise Cloud Deployments

businesswire | July 13, 2023

MacStadium, the industry-leading Mac private cloud and software-as-a-service provider enabling macOS workloads, today announced it has secured two patents: one for injection molded “helmets” providing keyboard, video and mouse (KVM) and precise power button control remotely, and one for a new rack shelving design with optimizing server density along with the KVM system. MacStadium’s helmets, which sit atop a Mac mini or Mac Studio, are specifically designed to retrofit the company’s current shelving offering. Leveraging 3D printing technology to rapidly prototype and refine the design, this innovation dramatically reduces time-to-market and yields very low cost per unit. While the helmets remain compatible with former shelving solutions, the new shelf design offers six times the server density of older Mac Pro racks and 50% more server density than existing Mac mini racks. Additionally, each Mac server is provisioned with an Apple-focused KVM device providing significant capabilities and advantages while slashing rack shelving costs by 50% or more. “These patents offer an exciting glimpse into how much we have grown and evolved our technology to better service our customers with scalability on-demand and faster deployment made possible via our enterprise hardware program,” said Paul Benati, MacStadium’s senior vice president and COO. “MacStadium has been and remains at the forefront of Apple enterprise innovation. As the first to market with new Apple servers, we continue to innovate, prioritizing reduced system friction, increased customer ease and satisfaction and decreased costs.” MacStadium’s proprietary helmet - which is currently in production - houses a temperature probe, LED light, OLED display and a servo, which allows for granular remote control of Apple devices’ power button. These KVM devices can remotely control the Apple devices to which they are connected, eliminating the need for customers to request server control and for IT teams to physically go to data centers to correct issues. With these remote control and self-service features, customers unlock new capabilities, including the ability to dynamically define the purpose of the Apple device, access to network storage and the long-awaited ability to run FileVault. The KVM system is securely accessed via SSL, SSO integration and authentication and authorization via lightweight directory access protocol (LDAP). The shelving system, which will soon begin production, is designed to hold 24 Mac minis and 24 Apple-focused KVM devices, increasing the capacity of a standard rack to 144 Mac minis. In addition to increased operational efficiencies and secure server access from anywhere in the world, the shelving design offers tremendous cost savings due to its injection molded manufacturing. Not only is this manufacturing offered globally by a multitude of vendors, but it also allows for reduced shipping costs and more server density per square foot due to the product’s reduced bulk and weight. These innovations provide a clear competitive advantage for customers and are just some of the foundational elements of MacStadium's offering, aimed at driving Mac compute to customers via self-service. The patents come after MacStadium announced Orka Workspace with Pulse, designed to enable high-definition audio and visual streaming on virtual Mac desktops via any HTML5-supported browser. In addition, the company recently made public its Orka Small Teams edition, a self-service purchase option, giving MacDevOps teams immediate access to the industry’s leading enterprise-grade macOS virtualization and orchestration tool. As tech companies look to streamline operations and maximize their resources, this automation is critical to remain competitive. About MacStadium Founded in 2011 and headquartered in Atlanta, MacStadium is a private Mac cloud provider delivering scalable and secure enterprise cloud solutions exclusively for macOS. The company’s suite of advanced software-enabled infrastructure, combined with its innovative technology, delivers the security, performance, reliability and flexibility its MacDevOps customers require for successful app development on Apple devices. Powered by MacStadium, Orka® (Orchestration with Kubernetes on Apple) Platform is the only virtualization layer available for Mac build infrastructure based on popular Docker and Kubernetes technology. MacStadium is a Summit Partners portfolio company with multi-site operations in the U.S. and EU.

Read More

Virtual Desktop Tools, Virtual Server Infrastructure

Cybeats Signs Pilot Agreement for SBOM Studio with One of The Largest Global Telecom Technology Providers, and a Leader in 5G

prnewswire | July 12, 2023

Cybeats Technologies Corp. is pleased to report the signing of a pilot evaluation agreement with a global leader in telecom and 5G technology, for the SBOM Studio platform.1 "Cybeats has been experiencing tremendous traction in the telecom sector following recent regulations and pressure by governments causing it to become a key SBOM adopter. We are pleased to be engaging in a pilot evaluation for SBOM Studio with an international leader in telecom, and look forward to continuing to expand into the global telecom market vertical with a solution that has already been commercially validated with industry leaders from several other sectors," said Bob Lyle, CRO, Cybeats. Further to Cybeats' recent press release2 dated June 16, the Company announced its strategic direction to also include the global telecom sector as it is an accelerating Software Bill of Materials (SBOM) adopter. The Company has been continuing to strengthen its commercial pipeline which now includes over five prospective telecom clients in various stages, and several of which are among the largest Mobile Network Operators (MNOs) and Mobile Network Equipment providers by revenue globally. This pilot agreement is with a leading telecom network equipment provider that has a market capitalization of over 15 billion EUR and sells infrastructure, software, services, and technology for the telecommunications industry, including 5G equipment, and operates in more than 180 countries. Cybeats announced a pilot conversion rate of 75% in January 2023.3 SBOM management enables telecom giants to achieve software transparency and ensure compliance with government regulations. It provides valuable visibility into software components and dependencies, enabling telecom companies to gain a more comprehensive understanding of their software. Telecom and mobile device providers must adhere to specific regulations such as FCC regulations, NDAA provisions, the EU Cybersecurity Act, UK Telecommunications (Security) Act, and NIST guidelines. Complying with these regulations is crucial for ensuring software transparency and security in the rapidly evolving telecom industry. In addition, a push to open infrastructure, like Open Radio Access Network Infrastructure (O-RAN), further signals a trend towards greater interoperability and security, i.e. with O-RAN software components requiring SBOMs. SBOMs have emerged as a catalyst for transformation in cybersecurity across nearly all sectors to improve visibility and security of the software supply chain, yet organizations face challenges with widespread implementation of SBOM due to the scale of change and associated costs. SBOM Studio is specifically designed to automate SBOM management, accelerate vulnerability management, simplify SBOM implementation, and ultimately improve ROI by reducing the overhead required to embed SBOM management across an organization. About Cybeats Cybeats is a cybersecurity company providing SBOM management and software supply chain intelligence technology, helping organizations to manage risk, meet compliance requirements, and secure their software from procurement to development and operation. Our platform gives customers comprehensive visibility and transparency into their software supply chain, enabling them to improve operational efficiency and increase revenue.

Read More

Virtual Desktop Tools, Virtual Server Infrastructure

European Commission Approves Broadcom's Acquisition of VMware

prnewswire | July 17, 2023

Broadcom Inc. a global technology leader that designs, develops and supplies semiconductor and infrastructure software solutions, received conditional approval today from the European Commission to complete its acquisition of VMware, Inc. (NYSE: VMW). With this decision, the Commission recognizes the importance of this combination in enabling enterprises to accelerate growth and momentum in the multi-cloud ecosystem, and in expanding customer choice and creating more potential for increased innovation and competition. Broadcom has also received legal merger clearance in Australia, Brazil, Canada, South Africa, and Taiwan, and foreign investment control clearance in all necessary jurisdictions. While Broadcom believes that its proposed acquisition of VMware will only increase competition and innovation in cloud computing, Broadcom provided the European Commission with a technology access remedy that preserves interoperability, a core principle that would not have changed as a result of this transaction. Broadcom did this to fully address the concerns expressed by the European Commission, and Broadcom welcomes the Commission's decision to accept this access remedy. Broadcom looks forward to continuing to work constructively with regulators around the world. Broadcom is confident that when regulators conclude their review, they too will see that the combination of Broadcom and VMware will enhance competition in the cloud and benefit enterprise customers by giving them more choice and control over where they locate their workloads. Broadcom continues to expect that the transaction will close in its fiscal year 2023. About Broadcom Inc. Broadcom Inc. (NASDAQ: AVGO), a Delaware corporation headquartered in San Jose, CA, is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions. Broadcom's category-leading product portfolio serves critical markets including data center, networking, enterprise software, broadband, wireless, storage and industrial. Our solutions include data center networking and storage, enterprise, mainframe and cyber security software focused on automation, monitoring and security, smartphone components, telecoms and factory automation.

Read More

Virtual Desktop Tools, Virtual Server Infrastructure

MacStadium Secures Two Patents to Further Expand Innovation Across Apple Enterprise Cloud Deployments

businesswire | July 13, 2023

MacStadium, the industry-leading Mac private cloud and software-as-a-service provider enabling macOS workloads, today announced it has secured two patents: one for injection molded “helmets” providing keyboard, video and mouse (KVM) and precise power button control remotely, and one for a new rack shelving design with optimizing server density along with the KVM system. MacStadium’s helmets, which sit atop a Mac mini or Mac Studio, are specifically designed to retrofit the company’s current shelving offering. Leveraging 3D printing technology to rapidly prototype and refine the design, this innovation dramatically reduces time-to-market and yields very low cost per unit. While the helmets remain compatible with former shelving solutions, the new shelf design offers six times the server density of older Mac Pro racks and 50% more server density than existing Mac mini racks. Additionally, each Mac server is provisioned with an Apple-focused KVM device providing significant capabilities and advantages while slashing rack shelving costs by 50% or more. “These patents offer an exciting glimpse into how much we have grown and evolved our technology to better service our customers with scalability on-demand and faster deployment made possible via our enterprise hardware program,” said Paul Benati, MacStadium’s senior vice president and COO. “MacStadium has been and remains at the forefront of Apple enterprise innovation. As the first to market with new Apple servers, we continue to innovate, prioritizing reduced system friction, increased customer ease and satisfaction and decreased costs.” MacStadium’s proprietary helmet - which is currently in production - houses a temperature probe, LED light, OLED display and a servo, which allows for granular remote control of Apple devices’ power button. These KVM devices can remotely control the Apple devices to which they are connected, eliminating the need for customers to request server control and for IT teams to physically go to data centers to correct issues. With these remote control and self-service features, customers unlock new capabilities, including the ability to dynamically define the purpose of the Apple device, access to network storage and the long-awaited ability to run FileVault. The KVM system is securely accessed via SSL, SSO integration and authentication and authorization via lightweight directory access protocol (LDAP). The shelving system, which will soon begin production, is designed to hold 24 Mac minis and 24 Apple-focused KVM devices, increasing the capacity of a standard rack to 144 Mac minis. In addition to increased operational efficiencies and secure server access from anywhere in the world, the shelving design offers tremendous cost savings due to its injection molded manufacturing. Not only is this manufacturing offered globally by a multitude of vendors, but it also allows for reduced shipping costs and more server density per square foot due to the product’s reduced bulk and weight. These innovations provide a clear competitive advantage for customers and are just some of the foundational elements of MacStadium's offering, aimed at driving Mac compute to customers via self-service. The patents come after MacStadium announced Orka Workspace with Pulse, designed to enable high-definition audio and visual streaming on virtual Mac desktops via any HTML5-supported browser. In addition, the company recently made public its Orka Small Teams edition, a self-service purchase option, giving MacDevOps teams immediate access to the industry’s leading enterprise-grade macOS virtualization and orchestration tool. As tech companies look to streamline operations and maximize their resources, this automation is critical to remain competitive. About MacStadium Founded in 2011 and headquartered in Atlanta, MacStadium is a private Mac cloud provider delivering scalable and secure enterprise cloud solutions exclusively for macOS. The company’s suite of advanced software-enabled infrastructure, combined with its innovative technology, delivers the security, performance, reliability and flexibility its MacDevOps customers require for successful app development on Apple devices. Powered by MacStadium, Orka® (Orchestration with Kubernetes on Apple) Platform is the only virtualization layer available for Mac build infrastructure based on popular Docker and Kubernetes technology. MacStadium is a Summit Partners portfolio company with multi-site operations in the U.S. and EU.

Read More

Virtual Desktop Tools, Virtual Server Infrastructure

Cybeats Signs Pilot Agreement for SBOM Studio with One of The Largest Global Telecom Technology Providers, and a Leader in 5G

prnewswire | July 12, 2023

Cybeats Technologies Corp. is pleased to report the signing of a pilot evaluation agreement with a global leader in telecom and 5G technology, for the SBOM Studio platform.1 "Cybeats has been experiencing tremendous traction in the telecom sector following recent regulations and pressure by governments causing it to become a key SBOM adopter. We are pleased to be engaging in a pilot evaluation for SBOM Studio with an international leader in telecom, and look forward to continuing to expand into the global telecom market vertical with a solution that has already been commercially validated with industry leaders from several other sectors," said Bob Lyle, CRO, Cybeats. Further to Cybeats' recent press release2 dated June 16, the Company announced its strategic direction to also include the global telecom sector as it is an accelerating Software Bill of Materials (SBOM) adopter. The Company has been continuing to strengthen its commercial pipeline which now includes over five prospective telecom clients in various stages, and several of which are among the largest Mobile Network Operators (MNOs) and Mobile Network Equipment providers by revenue globally. This pilot agreement is with a leading telecom network equipment provider that has a market capitalization of over 15 billion EUR and sells infrastructure, software, services, and technology for the telecommunications industry, including 5G equipment, and operates in more than 180 countries. Cybeats announced a pilot conversion rate of 75% in January 2023.3 SBOM management enables telecom giants to achieve software transparency and ensure compliance with government regulations. It provides valuable visibility into software components and dependencies, enabling telecom companies to gain a more comprehensive understanding of their software. Telecom and mobile device providers must adhere to specific regulations such as FCC regulations, NDAA provisions, the EU Cybersecurity Act, UK Telecommunications (Security) Act, and NIST guidelines. Complying with these regulations is crucial for ensuring software transparency and security in the rapidly evolving telecom industry. In addition, a push to open infrastructure, like Open Radio Access Network Infrastructure (O-RAN), further signals a trend towards greater interoperability and security, i.e. with O-RAN software components requiring SBOMs. SBOMs have emerged as a catalyst for transformation in cybersecurity across nearly all sectors to improve visibility and security of the software supply chain, yet organizations face challenges with widespread implementation of SBOM due to the scale of change and associated costs. SBOM Studio is specifically designed to automate SBOM management, accelerate vulnerability management, simplify SBOM implementation, and ultimately improve ROI by reducing the overhead required to embed SBOM management across an organization. About Cybeats Cybeats is a cybersecurity company providing SBOM management and software supply chain intelligence technology, helping organizations to manage risk, meet compliance requirements, and secure their software from procurement to development and operation. Our platform gives customers comprehensive visibility and transparency into their software supply chain, enabling them to improve operational efficiency and increase revenue.

Read More

Virtual Desktop Tools, Virtual Server Infrastructure

European Commission Approves Broadcom's Acquisition of VMware

prnewswire | July 17, 2023

Broadcom Inc. a global technology leader that designs, develops and supplies semiconductor and infrastructure software solutions, received conditional approval today from the European Commission to complete its acquisition of VMware, Inc. (NYSE: VMW). With this decision, the Commission recognizes the importance of this combination in enabling enterprises to accelerate growth and momentum in the multi-cloud ecosystem, and in expanding customer choice and creating more potential for increased innovation and competition. Broadcom has also received legal merger clearance in Australia, Brazil, Canada, South Africa, and Taiwan, and foreign investment control clearance in all necessary jurisdictions. While Broadcom believes that its proposed acquisition of VMware will only increase competition and innovation in cloud computing, Broadcom provided the European Commission with a technology access remedy that preserves interoperability, a core principle that would not have changed as a result of this transaction. Broadcom did this to fully address the concerns expressed by the European Commission, and Broadcom welcomes the Commission's decision to accept this access remedy. Broadcom looks forward to continuing to work constructively with regulators around the world. Broadcom is confident that when regulators conclude their review, they too will see that the combination of Broadcom and VMware will enhance competition in the cloud and benefit enterprise customers by giving them more choice and control over where they locate their workloads. Broadcom continues to expect that the transaction will close in its fiscal year 2023. About Broadcom Inc. Broadcom Inc. (NASDAQ: AVGO), a Delaware corporation headquartered in San Jose, CA, is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions. Broadcom's category-leading product portfolio serves critical markets including data center, networking, enterprise software, broadband, wireless, storage and industrial. Our solutions include data center networking and storage, enterprise, mainframe and cyber security software focused on automation, monitoring and security, smartphone components, telecoms and factory automation.

Read More

More featured news