RSS_Virtulization

Tripwire’s February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VWware and Microsoft. First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat “Ghostcat” vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework. Next on the list are patches for ESXi and vCenter. These patches resolve three issues including heap-overflow, SSRF, and remote code execution. Note that proof of concept exploit…

Have you ever noticed how closely your role as the CISO of your organisation resembles that of the Wizard from “The Wizard of Oz?” As the Wizard, you are expected to be all-knowing, all-seeing and all-powerful. Your role is to keep everyone safe from the evils of the world while frantically pulling levers, pressing buttons and turning dials behind the curtain. Life behind the curtain as a CISO Like Dorothy, many would be surprised about…

Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild. Background On March 2, Microsoft published out-of-band advisories to address four zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. In a blog post, Microsoft attributes the exploitation of these flaws to a state-sponsored group it calls HAFNIUM. The group has historically targeted U.S.-based institutions, which include “infectious disease researchers, law firms, higher education institutions,…

SANTA CLARA, Calif., March 2, 2021 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, announced that it has completed its acquisition of Bridgecrew, a developer-first cloud security company. The acquisition will enable “shift left” security, with Prisma® Cloud becoming the first cloud security platform to deliver security across the full application lifecycle. “We are excited to welcome Bridgecrew to the Palo Alto Networks family,” said Nikesh Arora, chairman and CEO of Palo…

During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting defense and security.  During the recent video conference of the members of the European Council (25-26 February 2021), NATO chief Jens Stoltenberg highlighted the importance to define a strategy to boost defense and security. “We want to act more strategically, to defend our interests and to promote our values.” said Charles Michel, President of the…

Whether paying ransom for data held hostage makes sense depends on many variables. Experts define the variables and why they’re important. Image: vchal, Getty Images/iStockphoto Whether to pay ransom in order to unlock hijacked data or stop a Distributed Denial of Service attack is a hot topic right now. Like many other issues, on the surface it appears to be a simple yes or no decision. However, if you take in the whole picture, making…

Android 11: How to enable enhanced randomize MAC addresses Length: 1:00 | Mar 2, 2021 Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how. Source link