4665 matches found
VMware vSphere Data Protection 5.5.x / 5.8.x / 6.0.x < 6.0.5 / 6.1.x < 6.1.4 Multiple Vulnerabilities (VMSA-2017-0010
The version of VMware vSphere Data Protection installed on the remote host is 5.5.x, 5.8.x, or 6.0.x prior to 6.0.5, or it is 6.1.x prior to 6.1.14. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists when handling Java deserialization that allows an...
Data Anonymization: Motivation and Mechanics
Data is one of the most valuable assets a company has in its possession. And while it may not be listed as a line item on the balance sheet, when a company’s data is breached it can have a very negative impact on the bottom line—in a company’s stock price, reputation and brand. One approach to...
VMware Patches Critical Vulnerabilities in vSphere Data Protection
VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the virtual appliance, among other outcomes. The Department of Homeland Security’s CERT encouraged users and admins on Wednesday to apply the...
CVE-2017-4917
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
CVE-2017-4914
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance...
Design/Logic Flaw
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
CVE-2017-4917
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
Deserialization of untrusted data
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance...
CVE-2017-4914
CVE-2017-4914 affects VMware vSphere Data Protection (VDP) 5.5.x, 5.8.x, 6.0.x, and 6.1.x. The root cause is Java deserialization leading to arbitrary code execution on the appliance when processing crafted input (remote attacker). In the OpenVAS/Nessus entries, this is described as multiple vuln...
CVE-2017-4917
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
CVE-2017-4917
CVE-2017-4917 affects VMware vSphere Data Protection (VDP) across 5.5.x, 5.8.x, 6.0.x and 6.1.x. The issue stems from VDP locally storing vCenter Server credentials using reversible encryption, which may allow an attacker to obtain plaintext credentials. This CVE is paired with CVE-2017-4914 (des...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and...
VMware vSphere Data Protection Java Deserialization Vulnerability
VMware vSphere Data Protection VDP is a disk-based backup and recovery solution from VMware. Integrated with VMware vCenter Server, the server and virtualization management software, the solution can be used to centrally manage backup jobs while storing backup files in deduplicated target storage...
GDPR Readiness – Calculate Your Return on Security Investment (ROSI)
What is the cost of a data breach? Assuming annual revenue of £30M, a single fine could be as much as a whopping £1.2M—the maximum 4%—when the European Union’s General Data Protection Regulation GDPR becomes effective in May 2018. Compare that to a database control cost factor of £750K, the cost ...
OneLogin Password Manager Hacked; Users’ Data Can be Decrypted
Do you use OneLogin password manager? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it h...
Protect Against WannaCry with Deception-Based Ransomware Detection
The WannaCry ransomware attack caught the world off guard—and may have even literally left some crying. The attack infected more than 230,000 computers in 150 countries by encrypting data on networked machines and demanding payments in Bitcoin. According to Malwarebytes researchers, the attack...
WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening...
Update Rollup 13 for System Center 2012 R2 Data Protection Manager
Update Rollup 13 for System Center 2012 R2 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 13 for Microsoft System Center 2012 R2 Data Protection Manager. It also contains the installation instructions for this update. Note Existing Data...
CVE-2017-6642
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
For GDPR Readiness, You Need Visibility into Your IT Assets
The looming deadline for complying with the EU’s General Data Protection Regulation GDPR is shining the spotlight on a foundational InfoSec best practice: A comprehensive IT asset inventory. The reason: GDPR places strict requirements on the way a business handles the personally identifiable...