• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
Computer Business World News

Computer Business World News

Trending News about Computers, Business and Tech

  • Home
  • Business
  • Careers
  • Computers
  • Tech
  • About/Contact

VMware delivers emergency patch for disaster recovery tool security threat

February 22, 2021 by CBW Reporter

Cloud computing and software giant VMware has patched a vulnerability in its disaster recovery software that allowed exploiters lateral movement across the target network, as well as arbitrary code execution on the server, with maximum privileges.

The VMware vSphere Replication is a data replication tool used to create backups of virtual machines – typically in an (unlikely) case of the main virtual machine misbehaving or reporting a failure.

The flaw was first discovered by Egor Dimitrenko, a cybersecurity researcher from Positive Technologies, which registered the flaw as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the flaw could have been the result of a hastily implemented update, or insufficient verification of user input, despite the fact that mechanisms to prevent these are tacks are generally built into developer tools.

Flawed vulnerability 

It is not as easy to abuse, though, due to the fact that the attackers would still need the credentials to access the tool’s administration web interface. Still, Dimitrenko says credentials could be obtained if the victims used weak passwords, or if they get targeted by a social engineering campaign.

Many of us use the same password across multiple services, and criminals are well aware of the fact. After one service gets breached and the details leak on the dark web, criminals would try it out elsewhere, often successfully logging in.

If their patch management practice doesn’t allow them to install the fix immediately, organizations are advised to use a Security Information and Event Management (SIEM) solution to monitor for potential signs of penetration until they implement the patch. SIEM solutions can help spot suspicious behavior on a server, register an incident or prevent lateral movement across the network, among other things.

View Source

Filed Under: Computers

Primary Sidebar

More to See

Stocks making the biggest moves after the bell: Intel, Snap, Silicon Labs, Boston Beer & more

Signage for Snap Inc., parent company of Snapchat, adorns the front of the New York Stock Exchange, March 2, 2017 in New York City.Getty ImagesCheck … [Read More...] about Stocks making the biggest moves after the bell: Intel, Snap, Silicon Labs, Boston Beer & more

Nestle CEO says business case for sustainability emerges as consumers demand it more than before

Nestle is maintaining growth despite committing billions of dollars towards improving the company's environmental footprint, CEO Mark Schneider told … [Read More...] about Nestle CEO says business case for sustainability emerges as consumers demand it more than before

Keywords Studios snaps up another game developer

After a year jam-packed with acquisitions, Keywords Studios has added another game development company to its list of purchases. The Dublin-based … [Read More...] about Keywords Studios snaps up another game developer

Footer

SITE INFORMATION

COMPUTER BUSINESS WORLD NEWS

About/Contact

Privacy Policy

Thank you for visiting our website.

Recent

  • Nestle CEO says business case for sustainability emerges as consumers demand it more than before
  • Delta orders 25 additional Airbus A321neo jetliners, options for 25 more
  • Shareholders Are Pressing for Climate Risk Disclosures. That’s Good for Everyone.

Search

Copyright © 2021 Computer Business World