Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition

VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at the Tianfu Cup PWN competition. White hat hackers earned more than $1 million for […]

VMware vROps

VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition.

VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at the Tianfu Cup PWN competition.

White hat hackers earned more than $1 million for zero-day exploits disclosed at the hacking contest that took place on November 16-17 in Chengdu.

Tang received $100,000 for the successful exploitation of the flaw, the virtualization giant has quickly fixed the critical Workstation and Fusion vulnerability.

“VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.” states the security advisory published by VMWare.

“VMware would like to thank Tianwen Tang of Qihoo 360Vulcan Team  working with the Tianfu Cup 2018 International Pwn Contest for reporting this issue to us.”

The flaw is an integer overflow bug affecting virtual network devices, it could be exploited to execute code on the Workstation host from the guest.

The flaw affects Workstation 14.x and 15.x on any platform, and Fusion 10.x and 11.x on macOS.

“We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest.added VMWware.

“We would like to thank the organisers for inviting us to attend. Stay tuned for further updates.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Daniel’s Hosting, dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]