Deconstructing Destructive Attacks to Separate Fiction from Facts: Webinar Exclusive 5/3

VMware is making the effort to actively align with a global network of industry and public sector organizations focused on early warning and rapid response efforts to protect your organization’s infrastructure. Moving in sync with the Joint Cyber Defense Collaborative (JCDC) convened by the U.S. Cyber and Infrastructure Security Agency (CISA), VMware’s goal is to … More info: https://blogs.vmware.com/security/2022/04/deconstructing-destructive-attacks-to-separate-fiction-from-facts-webinar-exclusive-5-3.html?utm_source=rss&utm_medium=rss&utm_campaign=deconstructing-destructive-attacks-to-separate-fiction-from-facts-webinar-exclusive-5-3

Reported Amazon RDS PostgreSQL issue

Initial Publication Date: 2022/04/11 16:45 PST

A security researcher recently reported an issue with Aurora PostgreSQL. Using this issue, they were able to gain access to internal credentials that were specific to their Aurora cluster. No cross-customer or cross-cluster access was possible; however, highly privileged local database users who could exercise this issue could potentially have gained additional access to data hosted in their cluster or read files within the operating system of the … More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-004/

VMware Carbon Black Reduces Cloud Security Costs Up to 35% with the Latest Intel-Powered EC2 Instances

Since the inception of virtualization technology, VMware has delivered innovative solutions to customers on the path to digital transformation. These solutions, combined with VMware’s collaborations with Intel, are transforming security across software and hardware to connect and better secure applications and data wherever they reside – from data center to cloud to the intelligent edge. … More info: https://blogs.vmware.com/security/2022/04/vmware-carbon-black-reduces-cloud-security-costs-up-to-35-with-the-latest-intel-powered-ec2-instances.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-carbon-black-reduces-cloud-security-costs-up-to-35-with-the-latest-intel-powered-ec2-instances

How to hunt for Spring4Shell and Java Spring Vulnerabilities

This article was authored by Stephane List and Abby Costin. Overview: On March 29, 2022, two new CVEs were discovered in the Spring Core Java library. CVE-2022-22963: In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality, it is possible for a user to provide a specially crafted SpEL … The post How to hunt for Spring4Shell and Java Spring Vulnerabilities appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/04/how-to-hunt-for-spring4shell-and-java-spring-vulnerabilities.html?utm_source=rss&utm_medium=rss&utm_campaign=how-to-hunt-for-spring4shell-and-java-spring-vulnerabilities

K24624116: OpenSSL vulnerability CVE-2021-23840

Security Advisory Description: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ... More info: https://support.f5.com/csp/article/K24624116?utm_source=f5support&utm_medium=RSS

K51048910: Eclipse Jetty vulnerability CVE-2021-28169

Security Advisory Description: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ... More info: https://support.f5.com/csp/article/K51048910?utm_source=f5support&utm_medium=RSS

It’s Time for CISOs to Decipher the Threat Actor Strategy

This blog post is for CISOs, CSOs, CIOs, and all their stakeholders. I’d like to start off with a personal story. In addition to my work in cybersecurity at VMware, I also have been busy in every spare moment with our non-profit that delivers humanitarian aid to Ukraine and eastern Europe. Over the weekend, I … More info: https://blogs.vmware.com/security/2022/04/its-time-for-cisos-to-decipher-the-threat-actor-strategy.html?utm_source=rss&utm_medium=rss&utm_campaign=its-time-for-cisos-to-decipher-the-threat-actor-strategy

K19414951: Linux kernel vulnerability CVE-2022-0995

Security Advisory Description: An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event ... More info: https://support.f5.com/csp/article/K19414951?utm_source=f5support&utm_medium=RSS

K49419538: libxml2 vulnerability CVE-2016-4658

Security Advisory Description: xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ... More info: https://support.f5.com/csp/article/K49419538?utm_source=f5support&utm_medium=RSS