#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Cloud Director | Breaking Cybersecurity News | The Hacker News

Category — Cloud Director
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023 Network Securit / Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider Idea
Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Apr 15, 2022
Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier  CVE-2022-22966 , has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware  said  in an advisory. VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies. The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clou
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Oct 28, 2024Operational Technology / Cybersecurity
Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done remotely, often by third-party vendor technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS).  Learn more in our Buyer's Guide for Secure Remote Access Lifecycle Management .  We at SSH Communications Security (SSH) have been pioneering security solutions that bridge the gap between IT and OT in privileged access management . Let's investigate how we helped two customers solve their critical access control needs with us. Secure Remote Access Around the Globe to 1000s of Ships  In the maritime industry, ensuring secure and e
Expert Insights / Articles Videos
Cybersecurity Resources