Oracle on Saturday released its patch for the VENOM vulnerability, a guest escape flaw that affects many virtualization platforms.
Browsing Category: Cloud Security
Proof of concept code exploiting the VENOM vulnerability has surfaced. Its author says mitigating factors make VENOM difficult to exploit at scale.
Dennis Fisher talks with Dan Kaminsky about the VENOM bug, the value of virtual machine escapes, why everyone wants to make every bug the worst one of all time or just a bunch of hype and what the Avengers have to do with vulnerability disclosure.
Researchers have uncovered a vulnerability in an obscure component of many virtualization platforms that they say can allow an attacker to escape from a guest virtual machine and gain code execution on the host, as well as any other VMs operating on that machine. Experts say the bug affects a wide variety of virtualization software[…]
Hackers are exploiting a remote code execution vulnerability in Elasticsearch, according to one researcher who published logs from a honeypot he built showing 8,000 attempts to exploit the bug.
Email delivery service provider SendGrid admitted that hackers had accessed several internal systems, refuting reports earlier this month that the attack was an isolated incident.
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive[…]
Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.
SANS Internet Storm Center reports attacks against SMTP servers using Shellshock exploits to create a DDoS botnet.
NIST this week published a draft document SP800-125a that makes recommendations for hypervisor security in virtualized environments based on architectural platform choices and configuration options.