Computer Business World News

VMware delivers emergency patch for disaster recovery tool security threat

Cloud computing and software giant VMware has patched a vulnerability in its disaster recovery software that allowed attackers to move laterally across the target network and to execute arbitrary code on the server with maximum privileges.

VMware vSphere Replication is a data replication tool used to create backups of virtual machines, typically for the (unlikely) case of the main virtual machine misbehaving or reporting a failure.

The flaw was first discovered by Egor Dimitrenko, a cybersecurity researcher from Positive Technologies, which registered the flaw as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the flaw could have been the result of a hastily implemented update, or insufficient verification of user input, despite the fact that mechanisms to prevent these attacks are generally built into developer tools.

Flawed vulnerability 

The flaw is not that easy to abuse, though, because attackers would still need credentials to access the tool’s administration web interface. Still, Dimitrenko says credentials could be obtained if the victims use weak passwords, or if they are targeted by a social engineering campaign.

Many of us use the same password across multiple services, and criminals are well aware of the fact. After one service gets breached and the details leak on the dark web, criminals try the leaked credentials elsewhere, often successfully logging in.

If their patch management practice doesn’t allow them to install the fix immediately, organizations are advised to use a Security Information and Event Management (SIEM) solution to monitor for potential signs of penetration until they implement the patch. SIEM solutions can help spot suspicious behavior on a server, register an incident or prevent lateral movement across the network, among other things.

Copyright © 2023 Computer Business World