hypervisor | Breaking Cybersecurity News | The Hacker News

Multiple security flaws have been  disclosed  in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and 13.5.2, respectively, the Broadcom-owned virtualization services provider said. A brief description of each of the flaws is below - CVE-2024-22267  (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host CVE-2024-22268  (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtua...

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization ( SEV ) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed  CacheWarp  (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the Graz University of Technology. It impacts AMD CPUs supporting all variants of SEV. "For this research, we specifically looked at AMD's newest TEE, AMD SEV-SNP, relying on the experience from previous attacks on Intel's TEE," security researcher Ruiyi Zhang told The Hacker News. "We found the 'INVD' instruction [flush a processor's cache contents] could be abused under the threat model of AMD SEV." SEV, an  extension  to the AMD-V architecture and introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the me...

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the  hypervisor  as well as execute arbitrary commands. The  hyperjacking attacks , per the cybersecurity vendor, involved the use of malicious vSphere Installation Bundles ( VIBs ) to sneak in two implants, dubbed VIRTUALPITA and VIRTUALPIE, on the ESXi hypervisors. "It is important to highlight that this is not an external remote code execution vulnerability; the attacker needs admin-level privileges to the ESXi hypervisor before they can deploy malware," Mandiant researchers Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore said in an exhaus...