Microsoft rolls out passkey auth for personal Microsoft accounts

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

WHITEPAPERS

CASE STUDIES

TOOLS

VIEW ALL CYBERSECURITY RESOURCES →

PENETRATION TESTING

APPLICATION SECURITY

VIEW ALL CYBERSECURITY NEWS →

FREQUENTLY ASKED QUESTIONS

Why should we perform penetration testing?

Conducting a penetration test is a critical tool used by companies as part of their cybersecurity risk management strategy. It helps organizations identify and fix the vulnerabilities most likely to be exploited to breach their cybersecurity and offers counter-measures to mitigate the most important risks of facing cybersecurity incidents.

Regular testing can help ensure that your security measures are up-to-date and effective against the latest hacking techniques and cyber threats.

Will your pentest help us meet compliance requirements?

Our penetration tests helps several organizations of all types meet compliance requirements every year by identifying vulnerabilities that need remediation. Once remediation testing is completed, we provide an official attestation confirming that vulnerabilities have been remediated, helping organizations meet compliance requirements efficiently.

How is it conducted? What is the process?

The process is divided in various stages including reconnaissance, scanning, exploitation, and post-exploitation stages to identify vulnerabilities and safely exploit them to determine their full impact. Detailed reports are then provided after testing to help you understand and address discovered issues.

During testing, our experts leverage a combination of manual and automated techniques to simulate exploits and attacks that would be used by hackers in a real-world scenario in accordance with the latest industry standards.

How much does it cost?

The cost of a penetration test can vary significantly depending on the scope of the assessment. For external penetration testing, one of the most significant factors in the price is the number of IP addresses that need to be evaluated. For an application penetration test, the complexity of the app and the number of user roles will directly impact pricing.

Learn more about the main factors that determine the cost of a penetration test →

Quickly receive a free quote with no engagement using our self-quoting tool →

Looking For Additional Information?

Visit our detailed FAQ to learn more or get in touch with a Vumetric expert directly to receive free guidance and advice.

DETAILED FAQ

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

1-877-805-7475

[email protected]

GET STARTED

Hackers exploit critical VMware RCE flaw to install backdoors

Backdoor, Critical, Exploit, RCE, VMWare
April 26, 2022

Advanced hackers are actively exploiting a critical remote code execution vulnerability, CVE-2022-22954, that affects in VMware Workspace ONE Access.

The issue was addressed in a security update 20 days ago along with two more RCEs – CVE-2022-22957 and CVE-2022-22958 that also affect VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

Soon after the public disclosure of the flaws, proof of concept exploit code emerged in the public space, enabling hackers leveraged to target vulnerable VMware product deployments.

VMware confirmed CVE-2022-22954 exploitation in the wild.

The adversaries gain initial access to the environment by exploiting CVE-2022-22954, the only one in the RCE trio that doesn’t require administrative access to the target server and also has a publicly available PoC exploit.

“Morphisec research observed attackers already exploiting this vulnerability to launch reverse HTTPS backdoors-mainly Cobalt Strike, Metasploit, or Core Impact beacons” – Morphisec.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

Microsoft rolls out passkey auth for personal Microsoft accounts

2024-05-06

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

2024-05-02

London Drugs closes all of its pharmacies following ‘cybersecurity incident’

2024-04-29

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

View more cybersecurity news →

Featured Services

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Medical Device Penetration Testing

Cloud Infrastructure Penetration Testing

Enterprise
Cybersecurity Audit

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Microsoft releases Exchange hotfixes for security update issues

Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates

Read The Article →

Synlab Italia suspends operations following ransomware attack

Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline

Read The Article →

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE 2024 3400 would be possible by disabling the devices 8217 telemetry it has now been comfirmed

Read The Article →

VIEW MORE RECENT NEWS →

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

Looking for more details on how we can help or need guidance to determine the approach best suited for your organization? Plan a virtual meeting with a member of our team to discuss further without any engagement.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

Have a Question?

Got an Urgent Need?

1-877-805-7475

Stay Updated on Cyber Risks

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.

1-877-805-7475

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.

External Penetration Testing

Internal Penetration Testing

Web Application Penetration Testing

Medical Device Penetration Testing

Cloud Security Services

SCADA Cybersecurity Assessment

Cyber Maturity Assessment

Red Team Security Services

Consulting & Professional Services

Compliance Services

Looking For Additional Information?

About Vumetric

Partnership Program

Certifications

PTaaS Platform

Methodologies

Careers

Hackers exploit critical VMware RCE flaw to install backdoors

Recent News

Featured Services

The Latest Cybersecurity News

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

USA - HQ

Canada - HQ

Canada - Satellite

BOOK A MEETING

Enter your Email Address

PENETRATION TESTING Buyer's Guide

Everything You Need to Know