All news with #vmware tag

AWS Transform auto-generates Landing Zone network YAML

☁️ AWS Transform for VMware can now automatically convert VMware network environments into Landing Zone Accelerator (LZA)-compatible YAML network configurations that can be directly imported and deployed via LZA. Building on existing IaC output formats such as CloudFormation, AWS CDK, and Terraform, this capability reduces manual re-creation of network settings, lowers the risk of configuration errors, and accelerates migration timelines while aligning deployments with enterprise security and compliance standards.

AWS Transform Generates LZA Network Configurations

🔁 AWS now enables AWS Transform for VMware to automatically generate network configuration YAML files that are directly compatible with the Landing Zone Accelerator on AWS (LZA). Building on Transform’s existing infrastructure-as-code outputs for AWS CloudFormation, AWS CDK, and Terraform, the capability converts VMware network environments into LZA-ready YAML that can be imported into LZA’s deployment pipeline. The feature is available in all AWS Transform target Regions and is intended to reduce manual effort and deployment time while improving consistency across multi-account environments.

Amazon EVS Expanded to Mumbai, Sydney, Canada, Paris

🚀 Amazon has expanded Amazon Elastic VMware Service (EVS) to all availability zones in Asia Pacific (Mumbai), Asia Pacific (Sydney), Canada (Central), and Europe (Paris). EVS runs VMware Cloud Foundation on EC2 bare‑metal instances powered by AWS Nitro, and can be deployed via a step‑by‑step workflow or the AWS CLI in hours. The expansion delivers lower latency, improved data‑residency options, and additional resiliency and high‑availability choices for VMware workloads.

CISA Flags VMware Tools Zero-Day in KEV Catalog; Exploited

🛡️ CISA has added the high-severity flaw CVE-2025-41244, impacting Broadcom VMware Tools and VMware Aria Operations, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. The bug (CVSS 7.8) allows a malicious local, non-administrative user with VM access and SDMP enabled to escalate privileges to root on the same VM. Broadcom-owned VMware released a patch last month, but NVISO Labs says the zero-day was exploited in the wild since mid-October 2024 and attributes activity to a China-linked actor tracked as UNC5174. Federal civilian agencies must implement mitigations by November 20, 2025.

CISA orders federal patch for VMware Tools privilege bug

⚠️ CISA has ordered Federal Civilian Executive Branch agencies to remediate a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools (CVE-2025-41244), patched by Broadcom in October 2024. The flaw enables a local, non-administrative user on a VM to escalate privileges to root when Aria Operations’ SDMP is enabled or when VMware Tools runs in credential-less mode. Agencies must patch within three weeks under BOD 22-01; CISA also urges all organizations to prioritize mitigations or discontinue affected products if no fix is available.

CISA Adds Two CVEs to Known Exploited Vulnerabilities

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-24893 (XWiki Platform eval injection) and CVE-2025-41244 (Broadcom VMware Aria Operations and VMware Tools privilege-defined unsafe actions). Evidence indicates active exploitation and substantial risk to the federal enterprise. Under BOD 22-01, affected FCEB agencies must remediate by required due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.

LockBit Resurges with New Variant and Fresh Victims

🛡️ LockBit has reemerged after a disruption in early 2024 and is actively extorting new victims. Check Point Research identified roughly a dozen organizations hit in September 2025, and about half of those incidents involved the new LockBit 5.0 variant, labeled ChuongDong. The group is deploying attacks across Windows, Linux and ESXi environments in Europe, the Americas and Asia. Check Point Harmony Endpoint and Quantum customers are protected via Threat Emulation, which can block these attacks before encryption occurs.

VMware Certification and VMUG Advantage: Career Power Move

🔑 VMware certification is presented as a repeatable framework for mastering complex infrastructure and advancing careers, and VMUG Advantage is offered as an accelerator for that journey. The piece, authored by VMUG leadership, highlights survey data from Pearson VUE showing certification-driven promotions and confidence gains. It outlines tangible member benefits—discounts on training and exams, personal-use licenses, on-demand labs, and global community mentorship—and positions certification as a strategic investment for individuals and teams seeking secure, scalable IT practices.

How VMware Certification Helped Advance a Tech Career

🎓Certification gave Matt Heldstab a clear framework and the confidence to tackle complex virtualization and multi-cloud challenges. Preparing for VCP certifications and VMware Cloud Foundation exams taught him architecture best practices, troubleshooting patterns, and how to communicate effectively with leadership. Hands-on lab work and community engagement—especially through VMUG—accelerated his development and enabled him to lead projects and speak publicly. He frames certification as a mindset shift from reactive operator to strategic architect.

Threat actors abusing Velociraptor in ransomware attacks

⚠️Researchers have observed threat actors leveraging the open-source DFIR tool Velociraptor to maintain persistent remote access and deploy ransomware families including LockBit and Babuk. Cisco Talos links the campaigns to a China-based group tracked as Storm-2603 and notes use of an outdated Velociraptor build vulnerable to CVE-2025-6264. Attackers synchronized local admin accounts to Entra ID, accessed vSphere consoles, disabled Defender via AD GPOs, and used fileless PowerShell encryptors with per-run AES keys and staged exfiltration prior to encryption.

Broadcom Patches VMware NSX and vCenter Vulnerabilities

🔒 Broadcom has released security updates for VMware vCenter and NSX addressing multiple high-severity vulnerabilities, including CVE-2025-41250, CVE-2025-41251 and CVE-2025-41252. The most serious, an SMTP header injection in vCenter (CVSSv3 8.5), allows non-administrative users to tamper with scheduled email notifications and has no available workaround. Two NSX flaws permit unauthenticated username enumeration, which can facilitate brute-force or credential-stuffing attacks. Administrators are urged to apply the fixed versions immediately.

VMware flaws allow username enumeration, patches released

🛡️ Three important vulnerabilities were disclosed in VMware products, including two in NSX that allow unauthenticated username enumeration and one in vCenter that permits SMTP header manipulation by authenticated non‑admin users with scheduled task privileges. The U.S. National Security Agency discovered two of the issues and all three are rated Important. VMware has released patches to address the flaws. Organizations are urged to apply updates immediately, avoid exposing vCenter to the internet, enforce multi‑factor authentication, change default credentials, and deploy layered protections such as web application firewalls and brute‑force detection controls.

Chinese Hackers Exploited VMware Zero-Day Since Oct 2024

🔒 Broadcom issued patches for a high-severity privilege escalation vulnerability in VMware Aria Operations and VMware Tools that has been actively exploited since October 2024. European firm NVISO linked the in-the-wild abuse to the China-aligned group UNC5174 and published a proof-of-concept for CVE-2025-41244. The flaw allows an unprivileged local attacker to stage a malicious binary (commonly in /tmp/httpd), have it discovered by VMware service discovery, and escalate to root-level execution on vulnerable VMs.

AWS Transform Adds Terraform Module Generation for VMware

🔁 AWS Transform for VMware now generates reusable Terraform modules from discovered VMware network definitions, complementing existing AWS CloudFormation and CDK outputs. The feature converts source network configurations into modular, customizable infrastructure code that fits into current deployment pipelines. It is available in all Regions where the service is offered and helps teams preserve operational consistency during migrations. By producing Terraform modules, the service enables reuse of Terraform-based workflows, reduces manual configuration effort, and supports teams that prefer Terraform for network automation.

VMware Certification Surge Amid Shifting IT Landscape

🔒 VMware certifications are rising as IT teams confront hybrid, multi-cloud, and security complexity. Sponsored by VMUG, the article argues that certification has shifted from a resume boost to an operational requirement that helps reduce misconfiguration-driven breaches and embed security best practices. It highlights measurable financial value per certified employee, the role of VMUG Advantage in providing exam discounts and study resources, and how certifications support hiring, onboarding, and career resiliency.

Amazon EVS Now Available in Singapore and London Regions

🚀Today AWS announced that Amazon Elastic VMware Service (Amazon EVS) is available in all availability zones in the Asia Pacific (Singapore) and Europe (London) Regions. Amazon EVS runs VMware Cloud Foundation directly within your Amazon VPC on EC2 bare-metal instances powered by AWS Nitro. You can deploy a complete VCF environment in hours using the guided configuration workflow or the AWS CLI with automated deployment, enabling faster migrations, lower latency for end users, and improved compliance and resiliency.

Broadcom Patches VMware NSX Username-Enumeration Flaws

🔒 Broadcom released updates addressing two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). The flaws (CVE-2025-41251 and CVE-2025-41252) permit unauthenticated attackers to enumerate valid usernames via a weak password-recovery flow and a separate enumeration vector, which could be used to support brute-force or unauthorized login attempts. Administrators should apply the vendor patches immediately and verify recovery workflows and logging.

China-linked UNC5174 exploiting VMware Tools zero-day

⚠️ NVISO Labs says China-linked UNC5174 has been exploiting a newly patched local privilege escalation bug, CVE-2025-41244, in Broadcom VMware Tools and VMware Aria Operations since mid-October 2024. The vulnerability (CVSS 7.8) stems from a vulnerable get_version() regex that can match non-system binaries in writable directories (for example, /tmp/httpd) and cause metrics collection to execute them with elevated privileges. VMware and Broadcom have released fixes and mitigations; affected organizations should apply vendor patches and follow VMware's guidance, and Linux distributions will receive patched open-vm-tools packages from vendors.

Broadcom VCF Licensing Change Affects VMware Engine

🔔 Broadcom is changing its VMware Cloud Foundation (VCF) licensing for hyperscalers to an exclusive bring-your-own subscription model effective November 1, 2025. For Google Cloud VMware Engine (GCVE) customers this means future clusters will require purchasing portable VCF subscriptions directly from Broadcom and using GCVE’s existing BYOL option. Google introduced a BYOL path for GCVE in 2024 and notes the managed service itself remains unchanged. Transition rules and timing differ for committed use discounts and on-demand nodes, so customers should review their commitments.

LockBit 5.0 Released: Faster ESXi Encryption, Evasion

🔒 LockBit 5.0 introduces faster ESXi drive encryption and enhanced evasion techniques, according to Trend Micro. The release includes Windows, Linux and VMware ESXi variants featuring heavy obfuscation, ETW patching, DLL reflection and hypervisor-targeted encryption designed to amplify impact. Researcher Jon DiMaggio describes the update as largely incremental fine-tuning and self-branding aimed at restoring affiliate trust after Operation Cronos.