VMware’s Perfect 10 Vulnerability: Three “Simple” Steps to Admin

Cbronline | April 16, 2020

On April 9, as many were getting ready in the UK for a long Easter Bank Holiday weekend, VMware quietly pushed out a security advisory for a major vulnerability in vCenter — the centralised management utility for the server and desktop virtualisation giant’s customers. The fix was for a critical flaw that, if exploited, would give an attacker access to the crown jewels of corporate infrastructure: the bug sits at the heart of vmdir (VMware directory service), which is central to a product that manages thousands of virtual machines and virtualised hosts.

Spotlight

Engineers, designers, and scientists have traditionally relied on dedicated graphics workstations to perform the most demanding tasks, such as manipulating 3D models and visually analyzing large data sets. These standalone workstations carry high acquisition and maintenance costs. In addition, in industries such as oil and gas, space exploration, aerospace, engineering, scientific research, and manufacturing, users with these advanced requirements must be in the same physical location as the workstation.

Spotlight

Engineers, designers, and scientists have traditionally relied on dedicated graphics workstations to perform the most demanding tasks, such as manipulating 3D models and visually analyzing large data sets. These standalone workstations carry high acquisition and maintenance costs. In addition, in industries such as oil and gas, space exploration, aerospace, engineering, scientific research, and manufacturing, users with these advanced requirements must be in the same physical location as the workstation.

Related News

VIRTUAL DESKTOP TOOLS

Trellix Finds Business Services Top Target of Ransomware Attacks

Trellix | July 19, 2022

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released The Threat Report: Summer 2022, analyzing cybersecurity trends and attack methods from the first quarter of 2022. The report features research from Trellix Threat Labs into connected healthcare and access control systems. It also includes analysis of email security trends and details the evolution of Russian cybercrime related to the conflict in Ukraine where new malware or methods have yet to be observed. Key findings: Increased Threats to Business Services: Companies providing IT, finance and other types of consulting and contract services were targeted by adversarial actors more often, demonstrating cybercriminals desire to disrupt multiple companies with one attack. Business services accounted for 64% of total U.S. ransomware detections and was the second most targeted sector behind telecom across global ransomware detections, malware detections, and nation-state backed attacks in Q1 2022. Ransomware Evolution: Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined. Trellix also observed ransomware groups building lockers targeting virtualization services with varied success. Leaked chats from the quarter’s second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cybercriminal enterprises. Email Security Trends: Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents and executables like infostealers and trojans attached. “With the merging of our digital and physical worlds, cyberattacks cause more chaos in our daily lives, Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery ready to deploy in case of escalation and organizations need to remain vigilant.” -Christiaan Beek, Lead Scientist and Senior Principal Engineer, Trellix. The Threat Report: Summer 2022 leverages proprietary data from Trellix’s network of over one billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to detection of threats is used for the purposes of this report. A detection is when a file, URL, IP-address, suspicious email, network behavior or other indicator is detected and reported via the Trellix XDR ecosystem. Additional Resources Trellix Threat Center Trellix Threat Labs Blog The Threat Report: Summer 2022 About Trellix- Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security.

Read More

VIRTUAL DESKTOP TOOLS

IP Infusion Successfully Validates its Disaggregated Cell Site Gateway for Open Fronthaul Use Cases at O-RAN Global PlugFest Spring 2022

IP Infusion | July 26, 2022

IP Infusion, a leading provider of open network software and solutions for wireline and mobile network operators, today announced that it successfully demonstrated the maturity and stability of its OcNOS®-based Disaggregated Cell Site Gateway (DCSG) solution addressing Fronthaul use cases at the O-RAN Global PlugFest Spring 2022. O-RAN Alliance, a preeminent open technical organization comprising more than 350 companies and institutions, is transforming worldwide Radio Access Networks (RAN) to be intelligent, virtualized and fully interoperable. It features a large cross-section of Mobile Network Operators (MNOs) and vendors focused on the disaggregation of the RAN. IP Infusion’s OcNOS-based DCSG contributes essential operational elements of the 5G mobile network, enabling rapid deployment and proven reliability, stability and flexibility. “O-RAN Alliance’s stringent specifications for open software RAN architecture are defining the future network,” said Atsushi Ogata, President and CEO of IP Infusion. “This vigorous validation and testing in a multi-vendor environment confirms that IP Infusion’s field tested Fronthaul Switch helps operators save on costs as external timing equipment is not needed. We strongly advocate for a telecom industry that is a collaborative, virtualized RAN ecosystem of open, multi-vendor, autonomous networks focused on innovation and agility.” IP Infusion participated in multi-vendor Fronthaul testing in two independent working environments for the O-RAN Global PlugFest. O-RAN PlugFest hosted by AT&T and DISH University of New Hampshire InterOperability Laboratory (UNH-IOL) in Durham, NH, USA O-RAN PlugFest hosted by Auray Auray OTIC and Security Lab in Taoyuan City, Taiwan IP Infusion’s DCSG demonstrated advanced Timing and Synchronization capabilities critical to the Fronthaul network. The DCSG as Fronthaul Switch Solution provides unique functionality in the Fronthaul by providing an integrated Grand Master Clock reference to the RAN components. This complete Transport Timing Profile support ensures that IP Infusion is the source for Timing and Synchronization in the Fronthaul. The mature transport capabilities provide high-performance and low-latency with services such as Segment Routing, L2VPN-EVPN and L3VPN, for the RAN traffic. PlugFest Testing Specifications: End-to-End Forwarding and Latency verification of Fronthaul as per O-RAN Open xHaul Transport Working Group 9 specification O-RAN Fronthaul Working Group 4 Conformance Test Specification PlugFest Testing Scope: Multi-vendor Interoperability and integration testing of O-RAN components in a lab environment O-RAN specified end-to-end tests Open Fronthaul S-plane testing Portions of O-RAN specified Open Fronthaul Conformance tests, with a focus on the S-Plane Verification and validation of applicability of tests in a lab environment O-RAN specified Open Fronthaul Conformance tests O-RAN specified end-to-end tests IP Infusion’s solution confirmed its use case capabilities for mobile Fronthaul. Specific multi-vendor testing also showed the solution meeting or exceeding standards for: Fronthaul Switch providing Transport and Synchronization to other RAN components Integrated Grandmaster clock capability eliminating need for additional timing equipment in the Fronthaul Precision Time Protocol (PTP) and Synchronous Ethernet (SyncE) used to provide clock reference to multiple O-RUs and O-DUs Timing reference provided via 1PPS and 10MHz interfaces to O-DUs Mature services including Segment Routing, L2VPN-EVPN and L3VPN used for transporting RAN traffic Extensive Quality of Service (QoS) feature support, ensuring prioritized transport Node latency verification using external wave-form analyzer Testing scenarios established realistic deployment conditions with a spectrum of technologies, protocols, and encapsulations of the solutions under review. About IP Infusion IP Infusion is a leading provider of open network software and solutions for carriers, service providers and data center operators. Our solutions enable network operators to disaggregate their networks to accelerate innovation, streamline operations, and reduce Total Cost of Ownership (TCO). Network OEMs may also disaggregate network devices to expedite time to market, offer comprehensive services, and achieve carrier grade robustness. IP Infusion OcNOS and ZebOS common software platforms have been adopted by over 500 customers and thousands of deployments. In addition, IP Infusion offers commercial distributions of open source NOS projects including SONiC and DANOS Vyatta Edition. Our products are backed up by carrier-grade advanced network services. IP Infusion, ZebOS, and OcNOS are trademarks or registered trademarks of IP Infusion. ACCESS is a registered trademark or trademark of ACCESS CO., LTD. in the United States, Japan and/or other countries. Northforge Innovations is a registered trademark of Northforge Innovations, Inc. All other trademarks, service marks, registered trademarks, or registered service marks mentioned are the property of their respective owners.

Read More

VMWARE

Broadcom to Acquire Virtualization Pioneer VMware

Broadcom | June 01, 2022

Broadcom announced Thursday that it intends to acquire virtualization pioneer and multicloud leader VMware for $61 billion in a landmark technology transaction rivaled only in value by Dell's $67 billion acquisition of EMC in 2016 and Microsoft's $68.7 billion acquisition of Activision Blizzard earlier this year. The statement on Thursday confirms allegations that the two corporations were in purchase negotiations over the weekend. According to the release, the boards of directors of both firms unanimously accepted the transaction. The purchase is scheduled to close in Broadcom's 2023 fiscal year, which runs from November 2022 to October 2023, pending regulatory, shareholder approvals, and other closing conditions. As part of the agreement, Broadcom's software division would be absorbed into the VMware brand. Broadcom Software Group includes infrastructure and security software solutions for businesses. VMware CEO Raghu Raghuram in a prepared statement said that "We stand for innovation and unwavering support of our customers and their most important business operations and now we are extending our commitment to exceptional service and innovation by becoming the new software platform for Broadcom. Combining our assets and talented team with Broadcom's existing enterprise software portfolio, all housed under the VMware brand, creates a remarkable enterprise software player. Collectively, we will deliver even more choice, value and innovation to customers, enabling them to thrive in this increasingly complex multi-cloud era." Broadcom, which already owns CA Technologies and security behemoth Symantec, is based on semiconductors. With inflation and recession worries likely dampening future IT hardware investment, Broadcom's purchase of VMware, with its extensive portfolio of digital solutions, might serve as a balm. "VMware's platform and Broadcom's infrastructure software solutions address different but important enterprise needs, and the combined company will be able to serve them more effectively and securely." Tom Krause, head of the Broadcom Software Group The news of the prospective merger coincided with the publication of VMware and Broadcom's respective quarterly earnings results on Thursday. VMware announced overall revenue of $3.09 billion for the quarter, up 3% year on year, as well as $899 million in sales from SaaS and subscription solutions, up 21% year on year. Broadcom announced overall sales of $8.1 billion, an increase of 23% year on year.

Read More