430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Are you using EMC and VMware solutions? Watch out unauthorized accesses!

EMC Data Domain OS and VMware NSX and vRealize are affected by security issues that could be exploited to gain unauthorized access to data. Both EMC and VMware are affected by security issues that could allow unauthorized access to attackers. An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users […]

Are you using EMC and VMware solutions? Watch out unauthorized accesses!

EMC Data Domain OS and VMware NSX and vRealize are affected by security issues that could be exploited to gain unauthorized access to data.

Both EMC and VMware are affected by security issues that could allow unauthorized access to attackers.

An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users to compromise the affected system.

EMC Data Domain OS is the operating system running on disk backup units, the flaw could allow ill-intentioned users to log the system assuming the identity of one of the allowed users and access his data.

“Data Domain logs the session identifier of a user logged in via the GUI in a file that is accessible to all users. A malicious user could use the disclosed
session identifier to take over the account of the victim, a GUI user whose session identifier was disclosed.” reported the notification published by EMC.

EMC issued a security update for the EMC Data Domain OS 5.5, 5.6 and 5.7.

VMware EMC unauthorized access

Are you using VMware NSX and vCNS products? You must read this, according to the VMSA-2016-0007 advisory, the VMware NSX and vCNS product updates address a critical information disclosure vulnerability in the VMware software.

An attacker can exploit the vulnerability  to gain access to sensitive data as explained by the company in the advisory.

“VMware NSX and vCNS with SSL-VPN enabled contain a critical input validation vulnerability. This issue may allow a remote attacker to gain access to sensitive information. ” states the advisory.

VMware released security patches for both NSX Edge 6.1 and 6.2 and vCNS Edge 5.5. Unfortunately, VMware admins have to consider also another security issue, an important stored cross-site scripting issue in VMware vRealize Log Insight (VMSA-2016-0008)

Hackers can exploit the flaw to hijack an authenticated user’s session, the security advisory urges administrators using Versions 2.x and 3.x to apply the available patches.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – VMware, EMC Data Domain)