CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors

Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background: On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding activity involving advanced persistent threat (APT) actors. In March 2021, the FBI and CISA observed APT actors scanning and enumerating publicly accessible Fortinet systems over ports 4443, 8443 and 10443. The agencies believe these APT actors are gathering a…

VMware Cloud – Improvements to Service Release Cadence – VMware Cloud Community

The VMware Cloud platform continues to evolve to enable VMware customers and partners to take advantage of new and exciting capabilities. VMware provides frequent updates to the Software Defined Data Center (SDDC) technologies that make the platform so powerful. These updates are the foundation for VMware Cloud’s continuous stream of innovation. The SDDC release cadence distinguishes between two flavors of updates. Essential SDDC version: These deployments (even numbered SDDC versions such as 1.10 and 1.12) provide the stable base as the Organization (“Org”) default for all new SDDC deployments…

Changing How Updates Work with Docker Desktop 3.3 – Docker Blog

Today we are pleased to announce the release of Docker Desktop 3.3. We’ve been listening to your feedback on our Public Roadmap and we are consistently asked for three things: smaller downloads, more flexible installation options, and more frequent feature releases, bug fixes, and security updates. We also heard from our community that the smaller updates are appreciated, requiring immediate installation is not convenient, and automatic background downloads are problematic for developers on constrained or…

Zero trust: The good, the bad and the ugly

Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users. Thanks to the pandemic, the zero trust cybersecurity model has come into its own. However, like most things concerning cybersecurity, zero trust has a good side, a bad side and an ugly side. Before we get into that, there is a need to agree upon what zero trust means, as there are many different…

How to use Docker Bench for Security to audit your container deployments

Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. Jack Wallen shows you how to use this tool. One of the biggest issues surrounding container deployments is security. This is such an issue because there are so many moving parts to be checked. You might have your container manifests perfectly secure, but what about your host? Or maybe your host is sound,…

College Track Coach Accused of Cyberstalking

Police in Chicago have arrested a former track and field coach for allegedly soliciting sexually explicit images from female athletes under false pretenses.  Chicago resident Steve Waithe was arrested on April 7 and charged with one count of wire fraud and one count of cyberstalking.  Waithe attended Loch Raven High School, where he was the Maryland State Champion in the triple jump. From 2014–15, the 28-year-old competed on Penn State’s track and field team. Coaching positions at Illinois…

Stimulus Stimulates Unemployment Scams

The number of suspicious unemployment-related emails targeting Americans rose by 50% after the third round of stimulus checks was announced in late February, according to new data from Tessian’s threat intelligence team. News of the phishing surge comes after the United States Department of Justice warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, “for the purpose of unlawfully capturing consumers’ personal information.” Threat researchers found that during the week of February 24,…

Gigaset Android smartphones infected with malware after supply chain attack

A new supply chain attack made the headlines: threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of a supply chain attack; threat actors compromised at least one server of the company to deliver malware. Gigaset AG, formerly known as Siemens Home and Office Communication Devices, is a multinational corporation based in Germany. The company is most active in the area of communications…

How to use FreeRADIUS for SSH authentication

Jack Wallen shows you how to install and configure FreeRADIUS as a centralized SSH authentication tool. You might have a large number of Linux machines in your data center, most of which are managed by a team of admins. Those admins probably use secure shell to access those servers. Because of that, you might want to use a centralized location to manage the authentication of those admins. For that, you can employ a…

Americans Avoid Sites After Forgetting Passwords

Nearly two-thirds of Americans avoid using websites or accounts for which they have forgotten their password, according to new research published today by LastPass. The password manager and Vault app maker commissioned OnePoll to survey 2,005 Americans about their password habits.  According to LastPass, the results show that the “long-standing trend of poor password behavior persists despite increasing risks online.”  Almost two-thirds (64%) of survey respondents admitted that they would avoid visiting certain websites or accounts where they’ve forgotten their…
