What is vGPU?
vGPU provides the ability to virtualize the GPU of a graphics card, specifically an NVIDIA K card. Most applications in VDI environments do not require a GPU; however, for CAD, engineering, and medical applications, GPUs are typically required. For more information on vGPU take a look at this article.
Citrix recently announced vGPU support for mixed environments – Citrix XenDesktop/XenApp on the front-end and VMware vSphere on the back end. The requirements for vGPU are VMware vSphere 6 and Citrix XenDesktop/XenApp 7.6.
Citrix has supported Nvidia vGPU for over a year now with the use of Citrix XenServer and XenDesktop/XenApp. For mixed environments, vGPU did not work and vSGA, software based GPU virtualization (DirectX 9 and OpenGL 2.1), was the alternative. While this worked for some GPU applications, it was not ideal and it did not provide hardware-based virtualization. The workaround for this was to dedicate the GPU to a specific virtual desktop, a solution that is not at all scalable.
VMware also released vGPU support for vSphere 6, which means you can now virtualize the GPU for Horizon View. This is a welcome feature to the Horizon solution. The requirements for vGPU for VMware are vSphere 6 and Horizon 6.1.
The use of vGPU is definitely a plus in a mixed environment with a Citrix XenApp/XenDesktop front end and VMware vSphere as the back end, and a welcome feature on the VMware side. Please contact your Gotham Account Manager for more information on these solutions.
March 25, Securityweek – (International) Over 15,000 vulnerabilities detected in 2014: Secunia. Secunia released its annual vulnerability review and found that 15,435 vulnerabilities across 3,870 applications from 500 vendors were discovered in 2014, 11 percent of which were considered highly critical, while .3 percent were rated extremely critical. The report also states that over 60 percent of attacks occurred through remote networks, making it the most common attack vector, among other trends. Source
March 25, Help Net Security – (International) Half of all Android devices vulnerable to installer hijacking attacks. Security researchers at Palo Alto Networks discovered that a critical Android vulnerability discovered over a year ago and dubbed “Android Installer Hijacking” can allow attackers to completely compromise devices, by changing or replacing seemingly legitimate applications with malware during installation, without users’ knowledge. The flaw affects all devices running Android versions 4.2 and earlier, and some running version 4.3. Source
March 24, Softpedia – (International) Yebot backdoor built for wide range of malicious operations. Security researchers from Dr.Web discovered that a backdoor trojan dubbed Yebot can run file transfer protocol (FTP) and socket secure (SOCKS) 5 proxy servers, gain remote access to systems through a remote desktop protocol (RDP), capture keystrokes and screenshots, intercept system functions, change code of running processes, search for private keys, and intercept all features associated with Web browsing. The trojan infects computers by injecting code into four Microsoft Windows processes before downloading and decrypting its contents and running in memory. Source
March 24, Softpedia – (International) Leaked full version of NanoCore RAT used to target energy companies. Security researchers at Symantec identified that approximately 40 percent of systems infected by the widely-available NanoCore remote access trojan (RAT) delivered by a malicious rich text format (RTF) or Microsoft Word file that exploits an old vulnerability in Windows Common Controls ActiveX component since January 2014 were in the U.S., while cyber-criminals have been employing the malware in targeted attacks on energy companies in Asia and the Middle East since March 6. Source
March 24, Softpedia – (International) Over 22.5 million PUAs detected last month by antivirus vendor. Germany-based Avira reported that the company’s antivirus software detected over 22.5 million potentially unwanted applications (PUAs) and highlighted five as the most prevalent in February that could inject malicious code, request sensitive information from users, or extract information without their consent. Source
March 23, NJ.com – (International) Alleged hacker brought to N.J. on charges of large-scale identity theft. A Romanian national was extradited to the U.S. March 20 to face charges that he allegedly oversaw a large-scale computer hacking scheme in which he breached computer systems of retailers, medical offices, security companies, and individuals’ online accounts to obtain several thousand user names, passwords, and payment card numbers from 2011 – 2014, including 10,000 credit and debit cards from one victim alone. Source
March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. Security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 to take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others at Hewlett Packard and Google Project Zero’s Pwn2Own hacking competition. Source
March 19, Softpedia – (International) OpenSSL’s undisclosed high-severity issue is far from FREAK, POODLE, or Heartbleed. OpenSSL released an update for its cryptographic library addressing one high severity denial-of-service (DoS) vulnerability affecting version 1.0.2 that could allow a NULL pointer dereference to occur. The update also addressed a number of other moderate vulnerabilities affecting several OpenSSL versions, including segmentation faults and an issue with processing Base64 encoded data. Source
March 19, IDG News Service – (International) At least 700,000 routers given to customers by ISPs are vulnerable to hacking. A security researcher discovered that over 700,000 ADSL routers, mostly running firmware from the China-based Shenzhen Gongjin Electronics, doing business as T&W trademark, and distributed to customers from internet service providers (ISPs) worldwide, contain directory transversal flaws in their firmware that could allow attackers to extract sensitive data and change router configuration settings. The researcher notified the firmware developer, affected device vendors, and the U.S. Computer Emergency Readiness Team (US-CERT). Source
March 18, Softpedia – (International) Ransomware uses GnuPG encryption program to lock down files. Researchers from Bleeping Computer and Emsisoft discovered that cybercriminals are using open source GNU Privacy Guard (GnuPG) code and Visual Basic Scripting Edition (VBS) to power VaultCrypt ransomware that uses a 1024-bit RSA key pair to encrypt information and Microsoft’s sDelete application to remove data used in the process. The ransomware sends user log-in credentials for Web sites to a command and control (C&C) server hidden in the Tor anonymous network. Source
March 18, Softpedia – (International) Repackaged Android apps filling third-party stores. Security researchers at Trend Micro discovered an increase of the number of Android apps that are either localized or repackaged containing malware being released for free on unofficial app stores, including spyware that can intercept payment notices or collect the user’s phone model and location, and list of installed apps. Source
March 17, U.S. Attorney’s Office, Eastern District of New York – (New York) New York City Police Department auxiliary officer charged with hacking into NYPD computer and FBI database. An auxiliary officer with the New York City Police Department (NYPD) was arrested and charged March 17 for allegedly using his position to hack into a restricted NYPD computer and other sensitive law enforcement computer systems by installing multiple electronic devices in the Traffic Safety Office of an NYPD precinct to obtain the personal information of thousands of citizens in order to commit fraud. The auxiliary officer ran over 6,400 queries and contacted individuals involved in traffic accidents falsely claiming to be affiliated with a law firm in order to encourage the victims to hire his services. Source