VMware Patches ESXi Vulnerability That Earned Hacker $200,000

oodaloop | December 09, 2019

On Thursday, VMware informed customers that it has released an updated version of its software that has patched a vulnerability that allowed for critical remote code execution in ESXi, which was exposed at China’s Tianfu Cup hacking competition earlier this month. The exploit, which only took 24 seconds to execute and earned the hacking team a total of $200,000, involved the hacker demonstrating control of the host operating system. The hacker, who is a member of the team 360Vulcan, received the highest single payout of the event. VMware employees attended the event and therefore were provided with details of the exploit after the demonstration, which took place less than a month ago. The vulnerability affects ESXi versions 6.0, 6.5, and 6.7 running on any platform.

Spotlight

Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Kingston Digital ©2012 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Kingston Technology June 12, 2015 Taking Advantage of Modern Memory and Storage with Windows Server 2012.


Other News
DESKTOP

Alludo Global Survey: Leaders Say They Support Remote and Hybrid Work for Their Teams—the Data Tells a Different Story

Alludo | November 23, 2022

Alludo, a global technology company helping people work better and live better, released survey results that highlight a clear divide in the freedom and flexibility that global management teams have versus individual contributors. While the majority of respondents agree that remote and hybrid work is here to stay, only 40% of non-managers have the freedom to work remotely compared to 63% of people managers* who can work from anywhere. The Alludo survey data shows that leadership has been slow to adopt change across all levels of the organization. Making the shift to a remote and hybrid work model requires a fundamental shift in the way leaders lead. In this new world, the employee-manager relationship is built on trust, and outcomes are the true indicators of success. Employees are no longer constrained by bureaucratic processes and micromanaging––a bottoms-up, “people-first” approach is needed instead of the command and control of the past. This concept is called Work3, an idea championed by Alludo during the company’s recent rebrand. Work3 is a shift in work culture that supports the notion that all employees should have the freedom and flexibility to choose where, when, and how they do their best work. “True leadership isn’t about getting people in a room to do what you want, It’s about giving employees the room to deliver amazing results. The last few years have proven that knowledge workers can be productive at home. It’s time for leadership teams to leave the mandatory 9-to-5 office experience behind and recognize that freedom and flexibility are key to not only working better but living better." Christa Quarles, Chief Executive Officer at Alludo In addition to where they work, employees want flexibility in when they work. The survey data confirms that three-fourths (74%) of employees no longer want to work a standard 9-to-5 day. However, almost half (47%) of non-managers still work standard hours compared to nearly one-third of managers. Again, this highlights the gap in the freedom offered to individual contributors versus managers, with the former having less flexibility when it comes to determining when and where they work. To be successful in the remote and hybrid world, leadership needs to create a cohesive vision, outline clear expectations and outcomes, and give their employees the freedom and flexibility to decide when, where, and how they do their best work. The reality, however, is a far different picture. The survey data shows that C-level executives believe they have adapted to the new way of managing, but non-managers disagree. 58% of C-level executives believe their company has changed the way remote and hybrid employees are managed. But 57% of non-managers disagree and say leadership has not changed their management style and 28% indicate they are still micromanaged. If leaders do not evolve their management style to give their employees more freedom and flexibility to choose where, when, and how they work, data shows that 43% of individual contributors would consider quitting or even changing careers––that’s nearly half! About Alludo Alludo™ is a global technology company helping people work better and live better. We’re the people behind award-winning, globally recognizable brands including Parallels®, Corel®, MindManager®, and WinZip®. Our professional-caliber graphics, virtualization, and productivity solutions are finely tuned for the digital remote workforce delivering the freedom to work when, where, and how you want. With a 35+ year legacy of innovation, Alludo empowers all you do, helping more than 2.5 million paying customers to enable, ideate, create, and share on any device, anywhere.

Read More

VIRTUAL DESKTOP TOOLS

Exoprise Customers Achieve Significant ROI With SaaS and Digital Experience Monitoring

Exoprise | September 12, 2022

Exoprise, a leader in Digital Experience Monitoring (DEM) solutions, announced that its customers continue to realize significant Return on Investment (ROI) with Exoprise solutions and achieve positive ROI within six months of implementation. Troubleshooting remote worker issues using traditional tools creates visibility challenges, severely impacting business continuity and productivity. According to the latest Forrester future of work survey, 20% of employees contact the service desk support team weekly, and 10% contact them daily – far too often to remain consistently productive. In current economic conditions, companies have the potential to save thousands to millions in IT costs using features and capabilities offered by Exoprise DEM solutions. As one of the Exoprise customers, a global CRM head at a financial services company, told us, "Upon returning from a weekend, our employees could not access their Salesforce app in the morning. As a result, IT and several other teams spent at least half a day trying to find the root cause, which cost the company about $500K. With Exoprise synthetics, we would have immediately narrowed the problem to a change made by the network team and saved a huge loss to the company." Exoprise customers achieve superior ROI with their DEM investment by: Recovering Service Level Agreement (SLA) credit – IT teams receive Service Level Agreement (SLA) violation credits when Microsoft 365 has downtime. For example, Microsoft services such as Azure, Teams, OneDrive, etc. may not be available due to an outage or technical issue. Service availability less than the SLA of 99.9% requires Microsoft to reward credits to the customer. Exoprise provides actionable availability reports that act as evidence of true downtime, outage length, events, errors, and corresponding service health. Customers quickly verify and claim their credits to recoup the cost of the Exoprise system. Saving Costs on Device Refresh and Upgrades – IT departments often need to upgrade their infrastructure with new hardware or software, so employees remain productive and job satisfaction remains high. However, with a shrinking economy and flat expense budget, businesses struggle to keep up with that mandate. Utilizing Exoprise Service Watch Real User Monitoring (RUM), operation teams are driving upgrade decisions based on hard network and device telemetry data, segmenting different user groups, and auditing remote endpoint devices. The result is an optimized device refresh schedule and cost-effective companywide upgrades. Another Exoprise user, a Microsoft Teams administrator at a manufacturing services company, "We had frequent complaints from users about poor Teams meetings/calls. Initially, we would upgrade the hardware to the latest to fix the problem and spend thousands doing that, but the problems persisted. So, when we started using Service Watch, we could see exactly where the problem was for each user - and avoid upgrading when the problems were due to corporate network or weak Wi-Fi access points." Preventing Network Upgrade Surprises and Downtime – Future proofing the business means frequent network optimization. Enterprises rely on mission-critical services such as Microsoft 365, Salesforce, AWS, and SAP. Delivering these services via ISPs, MPLS, SDWAN, and VPN providers becomes susceptible to performance fluctuations. Exoprise provides end-to-end baseline views of the network for mission-critical applications before, during, and after any network transformation takes place. As a result, network administrators can ensure that the end-user experience is improved and access is more reliable. Delivering Better Digital Experiences Anywhere and reducing MTTR – The Modern Workplace demands remote flexibility along with the freedom to work anywhere. ITOps teams require end-to-end visibility into apps, the network, and system performance for these Digital Nomads, and the Exoprise platform delivers. Once deployed, Exoprise helps customers safely transition to a hybrid work model. Proactive synthetics provide early outage detection while crowdsourced analytics reduce the troubleshooting time in half. Improving Productivity with Less Dropped Calls for Teams, Zoom, and Webex – Today, knowledge workers collaborate using Unified Communication (UC), VoIP, and streaming applications such as Microsoft Teams, Zoom, and WebEx. Customers use Exoprise to proactively test and tune their networks for the collaboration platforms and offer complete coverage with Service Watch RUM. As a result, there is a significant ROI in reduced dropped calls and smoother call quality. "Due to Covid, our IT model has shifted from primarily supporting call center operations to supporting a significantly larger virtual environment. That was when we became interested in better measuring digital experiences from the end user's perspective. Synthetic sensors in our central data centers collect performance data on Microsoft 365, but we wanted an even more complete picture. Together with a real user monitoring on-demand solution, we can better understand the issues of our users at any geographic location," said Kevin Santos, Senior Director of IT, Network Operation Center, BCD Travel. "Exoprise has always been at the forefront of supporting our customers with innovative digital solutions and addressing hybrid workforce challenges with a complete view into the end-user experience, Our Service Watch product rapidly isolates call quality problems with VoIP and streaming apps such as Microsoft Teams, WebEx, and Zoom in real-time and ensures smooth collaboration from anywhere. In addition, our technical ability to deliver synthetics and real-user behavior insights in one platform differentiates us in the market." Exoprise CEO Jason Lieblich Read more about the combination of RUM and synthetics in our latest whitepaper and ensure the best digital employee experience for streaming, collaboration, and VoIP apps such as Microsoft Teams, Zoom, WebEx, and GoToMeeting. Better Together: Combine Real User Monitoring with Synthetics About Exoprise Exoprise enables IT teams to effectively deploy and manage its monitoring solution and mission-critical, cloud-based applications and services. CloudReady provides real-time performance visibility from behind the firewall to the cloud and back with synthetic monitoring. Service Watch provides location-independent end-user experience insights for SaaS and third-party web applications with real user monitoring. By leveraging proactive network path diagnostics, real user experience metrics, actual app usage data, and crowd-sourcing data analytics, organizations now have visibility, speed, and agility to easily assure the best cloud service performance.

Read More

VPN

VIAVI and VMware Announce Testbed as a Service for RAN Intelligent Controller Testing

Viavi | November 25, 2022

Viavi Solutions Inc.today announced that it has signed a partnership agreement with VMware to drive standardized frameworks and metrics for RAN Intelligent Controller (RIC) testing. This testbed as a service will enable mobile operators to introduce programmability to the RAN and help accelerate the adoption of Open RAN. The RIC is a cloud-native central component of an open and virtualized RAN network, enabling the optimization of RAN resources through analytic processing and adaptation recommendations. The RIC takes advantage of native and third-party xApps and rApps – microservice-based applications operating in near-real time (near-RT) and non-real-time (non-RT), respectively – to enable operators to automate and optimize RAN operations at scale to reduce the operator's total cost of ownership, and to introduce innovative new services. VMware is focused on attracting and collaborating with a vibrant ecosystem of partners to help its operator customers adopt Open RAN with complete confidence. VIAVI has the most comprehensive portfolio of Open RAN test solutions in the industry and plays a leading role in defining test processes in the O-RAN ALLIANCE and Telecom Infra Project (TIP). The two companies will work together to demonstrate compliance with RIC-related requirements, assisting CSPs in validating the solution in the lab and scaling the solution to production. The industry-leading VIAVI TeraVM RIC Test and the VMware RIC will form a joint testbed as a service for testing, profiling, and validating third-party xApps and rApps. In addition to the framework, the two companies will work together to drive industry consensus around testing methodology and performance metrics. By having pre-built test cases and a standardized test method for the RIC and xApp/rApp, operators can reduce the time it takes to validate the solution in their lab, meaning they can move to a production environment faster. "Open RAN, by definition, depends on strong collaboration to drive innovation, and that's a perfect way to think about this partnership between leaders in their respective fields, The RIC represents a huge opportunity to the industry: Applying AI/ML techniques allows operators to simplify the management of complex 5G configurations and dynamically optimize the network to cater for new use cases, energy efficiency, and changing traffic patterns." Ian Langley, Senior Vice President and General Manager, Wireless Business, VIAVI "We're excited to work with VIAVI on helping move the industry forward to accelerate the adoption of Open RAN," said Lakshmi Mandyam, vice president, Service Provider Product Management and Partner Ecosystem, VMware. "Our companies share a vision of what it will take to address the challenges hindering adoption by simplifying the path for CSPs to test, profile, and certify third-party xApps and rApps through a common framework. VIAVI's leadership in Open RAN testing and VMware's leadership in RIC make this an ideal collaboration." About VIAVI VIAVI (NASDAQ: VIAV) is a global provider of network test, monitoring and assurance solutions for communications service providers, hyperscalers, equipment manufacturers, enterprises, government and avionics. VIAVI is also a leader in light management technologies for 3D sensing, anti-counterfeiting, consumer electronics, industrial, automotive, government and aerospace applications. Together with our customers and partners we are United in Possibility, finding innovative ways to solve real-world problems.

Read More

VPN

Veracode Launches Container Security Offering That Secures Cloud-Native Application Development

Veracode | October 11, 2022

Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images. Veracode Chief Product Officer, Brian Roche, said, “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.” The Requirement for Container Security is Rapidly on the Rise Containers are increasingly used to simplify software deployment and runtime environment configuration management. They comprise small, fast, portable units of software in which code is packaged so that an application can be run quickly and reliably in different computing environments—from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers have the benefit of immutability, meaning they are not updated, reconfigured or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, helping to improve efficiency in the production environment. Despite the benefits of containers, they are affected by many of the same problems that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced through additional software, poorly managed secrets (like Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations. This has resulted in increased demand for products that address these issues and related problems, with the Global Container Security Market size expected to reach $3.9 billion by 2027*. Container security scanning analyzes container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that could lead to a vulnerability, and inadequate authentication and access control. Veracode Container Security Integrates into the Developer Environment Many products already in the market are aimed at securing containers in runtime and offer limited support for developers, posing a major challenge for early remediation. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available at the command line interface. Providing coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it delivers remediation advice to developers early in the software development life cycle so that insecure containers don’t ship to production. Veracode Container Security results are available in a variety of formats based on the user’s choice, including text, JSON (JavaScript Object Notation), and Software Bill of Materials (CycloneDX, SWID [Software Identification Tagging], or SPDX [Software Packaging Data Exchange]), making them easy to integrate with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure. “Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy into our cloud are secure,” said the Director of Information Security at an automotive company. “Without this tool, it would take our team weeks to receive and action container results and these would only have been available in limited formats. Now, we’re excited to integrate findings into the pipeline before they even move into production, creating time and cost efficiencies for our business.” About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

Spotlight

Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Kingston Digital ©2012 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Kingston Technology June 12, 2015 Taking Advantage of Modern Memory and Storage with Windows Server 2012.

Resources