Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines.
The security experts were able to manipulate the virtual disk images in a way that caused host disks to be mounted in the guest system after launching the VM. Successful attacks have been mounted in this way against fully patched copies of ESXi 5.0, but the researchers point out that, as far as they are aware, this has so far only happened under laboratory conditions.
McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.
The issue is not a serious problem and does ...
Microsoft late Friday confirmed that a "zero-day," or unpatched, vulnerability exists in Internet Explorer 8 (IE8), the company's most popular browser.
According to multiple security firms, the vulnerability ...
If you run a bank and use an IP video camera from D-Link, you may want to pay attention to this.
A number of IP-based surveillance video cameras made by D-Link ...
Amazon Web Services (AWS) is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it looks to increase the level ...
Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows ...
McAfee spots Adobe Reader PDF-tracking flaw
Microsoft admits zero-day bug in IE8, pledges patch
D-Link firmware flaws could allow IP video stream
Amazon looks to move security appliances to the
AP Twitter hack prompts fresh look at cyber