
Blog Series
Month: December 2022

IBM Cloud Supply Chain Vulnerability...
Wiz security researchers discovered Hell’s Keychain, a first-of-its-kind cloud service provider supply-chain vulnerability, in IBM Cloud Databases for PostgreSQL. This occurred while researchers were conducting a routine audit of IBM...
Why IT Experts Should Reconsider...
“We are in the process of digging ourselves into an anachronism by preserving practices that have no rational basis beyond their historical roots in an earlier period of technological and...
New Go-based malware target vulnerable...
Aqua Nautilus, a cloud security firm, discovered new Go-based malware that targets Redis (remote dictionary server), an open source in-memory database and cache. The attack was carried out against one...
Bahamut deploys fake VPN apps...
ESET researchers discovered an ongoing campaign by the Bahamut APT group, a notorious cyber-mercenary group that has been active since 2016, that targets Android users with fake VPN apps and...
How to Reduce Risk in...
A digital twin (DT) is a virtualized representation of an actual device, and is often used in relation to operational technology (OT), industrial control system (ICS), or devices with physical...
Windows Server updates causes LSASS...
A memory leak bug on Local Security Authority Subsystem Service (LSASS), a service that allows users to manage local security, user logins, and permissions, is being investigated by Microsoft. It...
1,650 malicious Docker Hub images...
After discovering malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub, security researchers have warned developers of the risks of using shared container images. Cryptocurrency...
Arm’s Mali GPU driver flaws...
Despite fixes released by the chipmaker, a set of five medium-severity security flaws in Arm’s Mali GPU driver have remained unpatched on Android devices such as Samsung, Oppo, Xiaomi, and...
Live Patching Integration into CI/CD...
Continuous integration (CI) refers to testing code changes before deployment to production. Continuous delivery (CD) is where code changes are automatically deployed to production systems without manual intervention. Organizations can...
RansomExx malware offers new features...
The APT group DefrayX has launched a new version of its RansomExx malware known as RansomExx2, a variant for Linux rewritten in the Rust programming language, possibly to avoid detection...
What is the Gartner IIoT...
When it comes to the Industrial Internet of Things (IIoT), the legacy Purdue model no longer provides adequate levels of security projection – as newer IIoT devices are added to...