Month: December 2022
Patching for DevOps and Agile...
Understanding the relationship between development operations (DevOps) and the agile software development (Scrum) framework is critical for organizations to create a secure, rapid application development lifecycle. DevOps managers coordinate how...
Eufy under fire for camera...
Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted. Eufy has received a lot...
New Linux Kernel Functionality Equals...
The Linux kernel has grown in scope and functionality over the years. New schedulers, new drivers, new filesystems, new communication protocols, new security holes… oh, wait. That last one is...
Attackers distribute QBot malware using...
Talos researchers recently uncovered a phishing campaign that uses Scalable Vector Graphics (SVG) images embedded in HTML email attachments to distribute QBot malware. Basically, when the victim of this attack...
What We Know So Far...
Frameworks are an effective tool in cybersecurity because of the complexity of cybersecurity challenges and because so many organizations have so little structure to their cybersecurity operations. Introduced in 2014,...
Google launches free vulnerability scanner...
Google has launched OSV-Scanner, a free tool for open-source developers to easily access vulnerability information. It is said to include an interface to the OSV database which links a project’s...
VMware patches three vulnerabilities during...
VMware has released patches for a number of vulnerabilities, including a virtual machine escape flaw, CVE-2022-31705, which was exploited during the GeekPwn 2022 hacking challenge, as part of this month’s...
APT5 exploits unauthenticated remote code...
The U.S. National Security Agency has warned that a Chinese state-sponsored group is exploiting an unauthenticated remote code execution flaw (CVE-2022-27518) to compromise Citrix Application Delivery Controller (ADC) deployments. According...
Supply chain vulnerabilities put server...
Eclypsium Research has identified and reported three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. This is used by AMD, Ampere, Asrock, Asus, Arm, Dell, Gigabyte, HPE,...
An update on “Retbleed” work...
As part of developing and testing new patches, the KernelCare team has reevaluated the impact of the Retbleed patches. We have serious concerns that the patches may introduce instability and...
APT37 spread malware to South...
Google’s Threat Analysis Group discovered APT37, also known as Scarcruft or Reaper, a North Korean-linked hacking group, exploiting a zero-day vulnerability in Internet Explorer’s JScript engine by delivering malicious Microsoft...
TuxCare Debuts Extended Lifecycle Support...
PALO ALTO, Calif. – December 21, 2022 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it now offers a new CentOS 7 Extended Lifecycle Support (ELS)...