Security
Two new cybersecurity tools “OSV-Scanner” and “Peach” that landed this week deserve attention – whether you are a CISO, Blue Team, or just trying to tighten up your application development or cloud practices. OSV-Scanner was released under an Apache 2.0 licence by Google. Peach is an open framework from Wiz
Critical Citrix, VMware, Microsoft vulnerabilities all need patching
Security researchers at Juniper Threat Labs say they have identified previously undocumented malware targeting VMware ESXi servers that is notable for its “simplicity, persistence and capabilities.” VMware’s ESXi is a bare metal hypervisor that is widely deployed in large enterprises to run software virtually, from applications to fully emulated
Fortinet has pushed out an emergency patch for a critical CVSS 9.3 vulnerability in numerous versions of its FortiOS operating system, which lets an unauthenticated, remote attacker (pre-auth RCE) take over systems. Critics would be forgiven for asking tough questions about QA and feeling like it was "deja
A year after a critical vulnerability in a ubiquitous piece of open source software, Log4J, set off what The Stack described at the time as an “internet cluster bomb”, nearly 40% of downloads of the popular open source java logging library are still of the vulnerable version – despite the high
Rackspace has confirmed that it was hit by ransomware. The incident on December 2 affected its hosted Microsoft Exchange offering, leaving hundreds of thousands of customer email inboxes inaccessible. The scale of the attack is significant. Rackspace said its Hosted Exchange business generates $30 million in annual revenue – but has
From culture to SASE, DevSecOps to network segmentation
