Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack
Newest First  |  Oldest First  |  Threaded View
Encourage
Encourage,
User Rank: Apprentice
2/28/2019 | 3:40:20 AM
Rise in cybercrime
Tony Granims a cybersecurity expert with Critical Strategies Group has urged any organisations susceptible to cyber attacks to adequately and proactively deploy solutions that will mitigate such incidences. His predictions for an enormous increase in cyber attacks on U.S. Government agencies and companies in 2019 may just be valid.
wfishburne
wfishburne,
User Rank: Strategist
2/26/2019 | 4:29:52 PM
Pre-Owned Cloud Servers
I think it's bizarre that IBM thinks that this type of vulnerability is low severity. A vulnerability that results in the reprovisioned hardware being pre-owned (pun fully intended) is critical. It seems to me that the point of Bare Metal Cloud is to avoid the performance and security issues that come from multiple clients being on the same hardware. It'd be hard to sell if people doubted that they were getting a clean system.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23476
PUBLISHED: 2022-12-08
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being par...
CVE-2022-23492
PUBLISHED: 2022-12-08
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the a...
CVE-2022-3092
PUBLISHED: 2022-12-08
GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
CVE-2022-4261
PUBLISHED: 2022-12-08
Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious updat...
CVE-2022-4291
PUBLISHED: 2022-12-08
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.