RSS_Virtulization

SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access Background On January 22, SonicWall published a product notification regarding a “coordinated attack on its internal systems” conducted by “highly sophisticated threat actors.” SonicWall believed the attackers had exploited “probable zero-day vulnerabilities” in specific SonicWall products used for remote access. As they continued with their investigation, they provided additional updates into the root cause of the attack, primarily…

America’s National Cyber Investigative Joint Task Force (NCIJTF) has released a new joint-seal fact sheet in a bid to raise public awareness about ransomware. The sheet was created to publicize both the current threat posed by this particular type of malware and detail the United States government’s response. In addition, the document describes common infection vectors, tools for attack prevention, and who to contact in the event of a ransomware attack. To produce the sheet, the NCIJTF…

Original blog posted on Feb 1st, 2021 Oracle Cloud VMware Solution eases enterprise cloud migration. Read the latest blog featuring Clay Magouryk, Executive Vice President of Oracle Cloud Infrastructure to find out why expediting cloud migration is great for business.  Large companies are always torn between preserving their investments in key information technology and adopting the latest-and-greatest advancements. Oftentimes moving to the latest thing means leaving the old latest thing behind despite  the huge value it…

“The direct gateway to organizations’ most critical data and assets” is an attractive target for hackers, Salt Security found in a new report. Image: iStock/sdecoret Cybersecurity company Salt Security has put together a new report centered around the security of APIs, which help back most of the apps used throughout the day.  Experts have long worried about the security risks associated with the widespread use of APIs, with Gartner writing in a report that by…

This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do.  Although there’s been a lot of chatter about supply chain attacks, we’re going to bring you a slightly different perspective. Instead of talking about the technique, let’s talk about what it means to a SOC and more importantly focusing…

Organizations in the United States are impacting their security by dilly-dallying when it comes to granting and revoking system access, according to new research.  A study published today by the Identity Defined Security Alliance (IDSA) uncovered significant delays in giving and rescinding access to corporate systems, impacting operations and increasing potential risk to the organization. The non-profit’s report, “Identity and Access Management: The Stakeholder Perspective,” found that for the majority of companies (72%) it takes…

Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis by Barracuda Networks. In its new report, Threat Spotlight: Automated attacks on web applications, the cybersecurity firm revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses…

American technology company IBM announced today that it will be making $3m available to US public schools in the form of cybersecurity grants. Grants in the form of in-kind services will be awarded to six school districts to sponsor “teams of IBMers” from the company’s Service Corps Program who will help schools proactively prepare for cyber-attacks and learn how to mitigate them.  The announcement comes after an IBM-sponsored study revealed that nearly 60% of school staff are unprepared…

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software. In a blog post, Maddie Stone of Google’s Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely related to previously publicly disclosed vulnerabilities, and “potentially could have been avoided if a more thorough investigation and…

We are happy to announce that Docker has contributed Docker Distribution to the Cloud Native Computing Foundation (CNCF). Docker is committed to the Open Source community and open standards for many of our projects, and this move will ensure Docker Distribution has a broad group maintaining what is the foundation for many registries.  What is Docker Distribution? Distribution is the open source code that is the basis of the container registry that is part of Docker…