This article was authored by Stephane List, Abby Costin, and Ram Akuka Container Security Challenges Vulnerability management has never been more important than it is with cloud-native technologies and containers. While cloud native technology offers agility and innovation, attackers take advantage of some of the risks that come with container adoption. These challenges with container … ContinuedThe post Why Vulnerability Management is Key to Your Container Security Strategy appeared
More info:
https://blogs.vmware.com/security/2022/04/why-vulnerability-management-is-key-to-your-container-security-strategy.html?utm_source=rss&utm_medium=rss&utm_campaign=why-vulnerability-management-is-key-to-your-container-security-strategy
Intel processor vulnerability CVE-2021-33150 Security Advisory Security Advisory Description Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances ...
More info:
https://support.f5.com/csp/article/K59395527?utm_source=f5support&utm_medium=RSS
NGINX LDAP Reference Implementation security exposure Security Advisory Security Advisory Description NGINX LDAP reference implementation configuration can be modified by sending crafted HTTP ...
More info:
https://support.f5.com/csp/article/K11455641?utm_source=f5support&utm_medium=RSS
The cybersecurity battle continues on a global level. Tom Kellermann, head of cybersecurity at VMware, shares his insights on the latest security threats, cyber crime cartels, defensive best practices and more on the Virtually Speaking podcast. Listen to this compelling discussion on recent global cyber threat activities and how all organizations need to be proactive … ContinuedThe post Podcast: Discussing the latest security threats and threat actors – Tom Kellermann (Virtually
More info:
https://blogs.vmware.com/security/2022/04/cybersecurity-podcast-tom-kellermann-global-threats.html?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-podcast-tom-kellermann-global-threats
Initial Publication Date: 2022/04/12 15:30 PST AWS is aware of the issues described in CVE-2022-25165 and CVE-2022-25166 relating to the AWS-provided Desktop VPN Client for Windows. These issues affect only client versions 2.0.0 and below; they have been addressed in version 3.0.0 and above. Note that these issues require existing code execution privileges and file access on the system running Desktop VPN Client for Windows. We recommend that customers upgrade to the latest version immediately
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2022-005/
This research was performed by Sudhir Devkar of the Threat Analysis Unit (TAU) Summary RuRansom is ransomware that is specifically targeting Russian systems. During ongoing cyber warfare between Russia and Ukraine, TAU has already seen different malware-attacks like WhisperGate, IsaacWiper, and HermeticWiper. RuRansom is a new addition to this destructive malware series. It is purposefully … ContinuedThe post RuRansom – A Retaliatory Wiper appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/04/ruransom-a-retaliatory-wiper.html?utm_source=rss&utm_medium=rss&utm_campaign=ruransom-a-retaliatory-wiper
Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021-28950 Security Advisory Security Advisory Description CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the ...
More info:
https://support.f5.com/csp/article/K01311152?utm_source=f5support&utm_medium=RSS
Initial Publication Date: 2022/04/11 16:45 PST Last Updated Date: 2022/04/12 13:00 PST A security researcher recently reported an issue with Aurora PostgreSQL. Using this issue, they were able to gain access to internal credentials that were specific to their Aurora cluster. No cross-customer or cross-cluster access was possible; however, highly privileged local database users who could exercise this issue could potentially have gained additional access to data hosted in their cluster or read
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2022-004/
node-ipc vulnerability CVE-2022-23812 Security Advisory Security Advisory Description This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that ...
More info:
https://support.f5.com/csp/article/K42801711?utm_source=f5support&utm_medium=RSS
Apache vulnerability CVE-2022-22721 Security Advisory Security Advisory Description If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an ...
More info:
https://support.f5.com/csp/article/K20451100?utm_source=f5support&utm_medium=RSS
