RSS_Virtulization

In my day job I am often asked about the use of cloud for disaster recovery. Some organisations only operate out of a single data centre, or building, while others have a dual-site setup but want to explore a third option in the cloud. Either way, using cloud resources for disaster recovery can be a good way to learn and validate different technologies, potentially with a view to further migrations as data centre and hardware…

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from website security practices. The former involve physical steps, software solutions and even educating your employees. However, it’s equally important to protect your site to minimize the potential attack…

Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Background On February 23, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server, a centralized management software for VMware vSphere systems, as well as a vulnerability in the VMWare ESXi hypervisor. The most notable vulnerability disclosed as part of this advisory is CVE-2021-21972, a critical remote code…

A new FlexJobs survey reveals 14 of the most common–and successful–job-search scams. Here’s how to identify them and not become a victim. Image: iStock/Melpomenem Many remote workers, notably those who made the transition last year at the start of the pandemic, are at a higher risk of becoming a potential target of scammers. A year ago, there was a scramble for companies to quickly send on-premises employees to work from home and the fast-tracking put…

By Randy Reiter CEO of Don’t Be Breached So far three malware strains have been identified in the SolarWinds supply chain attack. They are the SUNBURST, SUPERNOVA, and TEARDROP malware strains. Russian hackers used the malware to potentially gain access to 18,000 government and private networks via the Solarwinds Orion network management product. Initially, it was believed that only a few dozen of the networks were gained access to by the hackers. Further investigative work…

As organizations embark on their multi-cloud journey, making sure they are cloud-ready is a critical ingredient for success. Kit Colbert said it best in his recent blog post looking at whether multi-cloud is a strategy or an inevitable outcome. In either case, having a multi-cloud plan is a must! As part of this cloud readiness, public cloud vendors have traditionally provided guidance in the form of an architectural framework. These frameworks primarily focus on the…

The United States Senate’s select committee on intelligence met yesterday to hear evidence from tech executives regarding the historic hack on Texas-based company SolarWinds.  Government agencies issued emergency directives in December after cybersecurity company FireEye detected a supply-chain attack trojanizing SolarWinds’ Orion business software updates to distribute malware. Using SolarWinds and Microsoft programs, hackers believed to have been working for Russia attacked nine federal agencies and around 100 American companies. The committee heard that both the scale and sophistication of the attack were greater…

One in four remote workers reuses work credentials on consumer sites, but IT isn’t doing them any favors by reportedly failing to provide essential protection while away from the office. Image: iStockphoto/Metamorworks Remote work has proliferated since the beginning of the COVID-19 pandemic, but nearly a year in cybersecurity hasn’t caught up, leaving businesses incredibly vulnerable. The thing is, IT software company Ivanti found, it isn’t just end users to blame for the shortcomings.  SEE: Identity…