Serious virtual machine bug threatens cloud providers

There's an extremely critical bug in the Xen, KVM, and native QEMU virtual machine platforms and appliances that makes it possible for attackers to break out of protected guest environments and take full control of the operating system hosting them, security researchers warned Wednesday.

http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/

Comments

Post a Comment

Popular posts from this blog

The Implications of Encrypted Web Traffic for Security

Image
When it comes to security, it would seem like encryption is a good thing, right? Encryption is a good tool for protecting the confidentiality of your information, but (as the trend of ransomware has shown us) it has a down side. Secrecy can work for the the good guys and the bad guys both. Securing your network requires being aware of what is going on and what communications take place, and encryption can make that difficult. Just a few years ago, encryption on the web was used primarily just for logins and for sensitive parts of session, such as payments. However, that began to change in 2010 when Google changed Gmail to use HTTPS by default. That was followed by Facebook and Google search going to HTTPS by default in 2011 (Google completed the switch in 2012), Twitter in 2012, YouTube in 2014, and Wikipedia in 2015. Netflix has announced their intention to move entirely to HTTPS, but currently most of their actual streaming is still un-encrypted. Currently, most networks see more...
Read more

Weekly Infosec News Brief: 7-13 March

Image
Adobe Issues Three Updates, Including an Emergency Update for Flash Adobe had a rough week last week. They issued updates for their Acrobat/Reader and Digital Editions software on Tuesday, their regular monthly day for issuing patches. They announced at that time that there would be a Flash update forthcoming soon. That Flash update was released on Thursday, and includes fixes for 18 critical vulnerabilities. One of these, CVE-2016-1010, is already being used in attacks in the wild, and the release of the update was likely delayed in order to incorporate a fix for this issue. Given that the vulnerability is already being exploited, this is an update that should definitely be installed as soon as possible. http://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-actively-exploited-code-execution-bug/ http://www.scmagazine.com/adobes-patch-tuesday-update-handles-four-vulnerabilities/article/481813/ http://www.computerworld.com/article/3042589/security/emergency-fla...
Read more

RSA Conference 2016 - The Expo!

Image
We were at RSA Conference in San Francisco last week, keeping current with the latest developments in the information security industry. With 40,000 attendees, this is one of the biggest annual events focused on security. This post focuses on the vendor expo, but see our RSA wrap-up for other observations from the event and links to our detailed analysis of some of the content. The expo at this year's RSA Conference was bigger than ever. It filled both of the giant expo halls at San Francisco's Moscone Center (over 450,000 square feet), and was simply overwhelming. Over 550 companies and organizations participated, and some of the booths were mind-bogglingly big, complicated, and elaborate. Attending an expo like this is not only a good way to learn a little bit about lots of different companies and their products. It is also a good way of assessing what the trends are in the security industry and the direction in which the various security vendors are trying to lead t...
Read more