'

VMware patches critical access control vulnerability in Aria Automation

VMware patches critical access control vulnerability in Aria Automation

VMware has released updates for Aria Automation, its multi-cloud infrastructure automation platform for public, private and hybrid clouds, to fix a critical vulnerability that could allow authenticated attackers to access remote organizations and workflows. VMware Cloud Foundation, a suite of software-defined services for setting up private clouds, is also impacted if the products were deployed … Read more

VMware Fixes Critical Aria Automation Bug

VMware Fixes Critical Aria Automation Bug

VMware is warning of a critical-severity vulnerability in its infrastructure automation platform, Aria Automation, which if successfully exploited by cybercriminals could allow unauthorized access to remote organizations and workflows. The issue (CVE-2023-34063) stems from a missing access control in the Aria Automation platform, formerly known as vRealize Automation. All versions of Aria Automation prior to … Read more

Categories duo

Patched Windows SmartScreen bug actively exploited in Phemedrone infections

Patched Windows SmartScreen bug actively exploited in Phemedrone infections

A Microsoft Defender SmartScreen vulnerability patched in November has found fresh active exploitation in a Phemedrone information-stealing malware campaign, according to cybersecurity research and development company Trend Micro. The critical vulnerability, which is tracked as CVE-2023-36025 (CVSS 8.8), allows attackers to bypass Windows Defender SmartScreen checks and their associated prompts. “During routine threat hunting, Trend … Read more

ShmooCon to take its final bow in 2025

ShmooCon to take its final bow in 2025

This year’s annual ShmooCon in Washington, DC, got off the ground with some surprising news: Next year will be the last for this popular and beloved hacker conference. Or, as the event’s organizers, husband and wife Bruce and Heidi Potter, heads of conference owner Shmoo Group, put it during the opening session of the conference, … Read more

The OWASP AI Exchange: an open-source cybersecurity guide to AI components

The OWASP AI Exchange: an open-source cybersecurity guide to AI components

As cyber practitioners scramble to upskill themselves on the topic of artificial intelligence (AI) security and their organizations quickly adopt AI tools, platforms, applications, and services, various resources are emerging in the industry to help practitioners process the ever-changing landscape. One of the most useful of those is the Open Worldwide Application Security Project (OWASP) … Read more