VMware vSphere is the most widely used virtualization platform for on-premises data centers. Similarly to other virtualization platforms, it basically relies on host servers running guest machines. These hosts and guest machines can be managed using administration interfaces such as vSphere API and VIX API. The GuardiCore Labs team has discovered a vulnerability in the vSphere infrastructure that can be exploited using VMware’s Virtual Infrastructure eXtension (VIX) API. This vulnerability allows an attacker to remotely execute code on guest machines, bypassing the need for guest authentication.
https://www.guardicore.com/wp-content/uploads/2017/07/escalating-insider-threats-using-vmwares-api2.jpg 446 1440 Daniel Goldberg https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Daniel Goldberg2017-07-27 12:24:572019-07-30 03:30:20Escalating Insider Threats Using VMware's API
Dave Burton https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Dave Burton2017-07-19 05:35:402017-07-19 05:35:40Guardicore Labs to Disclose Vulnerability in VMware vSphere at Black Hat USA 2017: From vSphere User to Guest Remote Code Execution
Session to Address Vulnerability That May Allow a vSphere User to Take Over Data Center Guest Machines
San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center and cloud security, today announced it would unveil a significant vulnerability affecting all recent VMware vSphere versions including 6.5, 6.0, 5.5 and provide mitigation at the upcoming Black Hat USA 2017.
https://www.guardicore.com/wp-content/uploads/2017/07/686X187-BH.png 187 686 Dave Klein https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Dave Klein2017-07-17 07:13:222019-02-25 10:22:01Top 5 Things to See and Do During Black Hat 2017
From the horrors of ransomware, panic over election hacking, stolen emails to very interesting things like WannaCry andPetya/NotPetya/Nyetya/Goldeneye, it’s been a red-letter year in the world of cybersecurity. At Black Hat 2016 we introduced the Infection Monkey, free, open source pen test tool to educate the world on lateral movement. Lateral movement is how hackers […]
https://www.guardicore.com/wp-content/uploads/2017/07/gdpr-cover.jpg 187 686 Sharon Besser https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Sharon Besser2017-07-05 06:53:052019-02-25 10:23:22GDPR is coming. Brace for impact
Do you remember the Data Protection Directive 95/46 EC ? Probably not, and for a good reason: This 1995 European Union (EU) directive regulates the processing of personal data within the EU. Compliance throughout the years has been mandatory but its enforcement section was weak, keeping the risk of non-compliance for companies at low rates. […]