• iPhone Users Urged to Update to Patch 2 Zero-Days
    by Elizabeth Montalbano on August 19, 2022 at 3:25 pm

    Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

  • DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 2:04 pm

    The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold

  • Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 1:35 pm

    A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a “small crime threat actor.” “Since 2018,

  • Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 10:15 am

    Google’s cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this

  • New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 8:23 am

    Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm

  • Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 4:56 am

    Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below – CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 – An

  • China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 4:56 am

    The Chinese advanced persistent threat (APT) actor tracked as Winnti has targeted at least 13 organizations geographically spanning across the U.S, Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. “The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation,”

  • Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware
    by noreply@blogger.com (Ravie Lakshmanan) on August 19, 2022 at 4:55 am

    A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. “It can also deliver ‘add-on packages’ such as additional malicious payloads, benign decoy documents, and executables,” cybersecurity firm Secureworks said in a Wednesday report. “It

  • Hardware-based threat defense against increasingly complex cryptojackers
    by Microsoft 365 Defender Threat Intelligence Team on August 18, 2022 at 5:00 pm

    To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT) that applies machine learning to low-level CPU telemetry in detecting cryptojackers, even when the malware is obfuscated and can evade security tools. The post Hardware-based threat defense against increasingly complex cryptojackers appeared first on Microsoft Security Blog.

  • Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers
    by noreply@blogger.com (Ravie Lakshmanan) on August 18, 2022 at 4:45 pm

    A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. “In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations,” Recorded Future disclosed in a new

  • Connect with Microsoft Security experts at the 2022 Gartner Identity & Access Management Summit
    by Christine Barrett on August 18, 2022 at 4:00 pm

    Microsoft speakers at Gartner Identity & Access Management Summit focus on permissions management, infrastructure attacks, and moving to cloud-based identity. The post Connect with Microsoft Security experts at the 2022 Gartner Identity & Access Management Summit appeared first on Microsoft Security Blog.

  • Google Patches Chrome’s Fifth Zero-Day of the Year
    by Elizabeth Montalbano on August 18, 2022 at 2:31 pm

    An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

  • Penetration Testing or Vulnerability Scanning? What’s the Difference?
    by noreply@blogger.com (The Hacker News) on August 18, 2022 at 9:26 am

    Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let’s dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it’s easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an

  • Hackers Using Bumblebee Loader to Compromise Active Directory Services
    by noreply@blogger.com (Ravie Lakshmanan) on August 18, 2022 at 9:20 am

    The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and

  • North Korea Hackers Spotted Targeting Job Seekers with macOS Malware
    by noreply@blogger.com (Ravie Lakshmanan) on August 18, 2022 at 8:56 am

    The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed “Operation In(ter)ception” that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into

  • Cybercriminals Developing BugDrop Malware to Bypass Android Security Features
    by noreply@blogger.com (Ravie Lakshmanan) on August 18, 2022 at 3:01 am

    In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that’s currently in development. “This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals

  • Malicious Browser Extensions Targeted Over a Million Users So Far This Year
    by noreply@blogger.com (Ravie Lakshmanan) on August 18, 2022 at 1:40 am

    More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. “From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons,” the company said. As many as

  • APT Lazarus Targets Engineers with macOS Malware
    by Elizabeth Montalbano on August 17, 2022 at 3:07 pm

    The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

  • New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
    by noreply@blogger.com (Ravie Lakshmanan) on August 17, 2022 at 1:41 pm

    Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

  • Lean Security 101: 3 Tips for Building Your Framework
    by noreply@blogger.com (The Hacker News) on August 17, 2022 at 10:50 am

    Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it’s hard to keep track. Until…they infiltrate your system. But you know what’s even more overwhelming than rampant cybercrime? Building your organization’s security framework.  CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and

  • RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
    by noreply@blogger.com (Ravie Lakshmanan) on August 17, 2022 at 4:46 am

    RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. “Users in this category who do not

  • Microsoft Warns About Phishing Attacks by Russia-linked Hackers
    by noreply@blogger.com (Ravie Lakshmanan) on August 17, 2022 at 4:00 am

    Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a “highly persistent threat actor” whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. “

  • ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
    by noreply@blogger.com (Ravie Lakshmanan) on August 17, 2022 at 4:00 am

    A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that’s akin to an “uninitialized memory read in the CPU itself.” “In contrast to transient execution

  • New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
    by noreply@blogger.com (Ravie Lakshmanan) on August 16, 2022 at 2:46 pm

    Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed “Evil PLC” attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider

  • U.K. Water Supplier Hit with Clop Ransomware Attack
    by Elizabeth Montalbano on August 16, 2022 at 2:30 pm

    The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

  • Xiaomi Phone Bug Allowed Payment Forgery
    by Nate Nelson on August 16, 2022 at 12:26 pm

    Mobile transactions could’ve been disabled, created and signed by attackers.

  • Unified Threat Management: The All-in-One Cybersecurity Solution
    by noreply@blogger.com (The Hacker News) on August 16, 2022 at 11:04 am

    UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a

  • SOVA Android Banking Trojan Returns With New Capabilities and Targets
    by noreply@blogger.com (Ravie Lakshmanan) on August 16, 2022 at 9:20 am

    The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That’s according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept

  • Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
    by noreply@blogger.com (Ravie Lakshmanan) on August 16, 2022 at 6:36 am

    Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what’s suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated 

  • Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
    by noreply@blogger.com (Ravie Lakshmanan) on August 16, 2022 at 5:42 am

    Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. “For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal,” the company said. “All users can rest assured that

  • Credential Theft Is (Still) A Top Attack Method
    by noreply@blogger.com (The Hacker News) on August 15, 2022 at 4:27 pm

    Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations

  • Disrupting SEABORGIUM’s ongoing phishing operations
    by Microsoft 365 Defender Threat Intelligence Team on August 15, 2022 at 4:00 pm

    The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog.

  • Black Hat and DEF CON Roundup
    by Threatpost on August 15, 2022 at 1:56 pm

    ‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

  • Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
    by noreply@blogger.com (Ravie Lakshmanan) on August 15, 2022 at 11:42 am

    A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named “secretslib” and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as “secrets matching and verification made easy.” “On a closer

  • Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
    by Elizabeth Montalbano on August 12, 2022 at 6:20 pm

    The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.

  • Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
    by Threatpost on August 12, 2022 at 1:24 pm

    Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

  • Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
    by msrc on August 11, 2022 at 4:00 pm

    The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the ever-changing security landscapes, emerging technology, and new threats. Security Researchers help us secure millions of … Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards Read More »

  • Starlink Successfully Hacked Using $25 Modchip
    by Elizabeth Montalbano on August 11, 2022 at 3:48 pm

    Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system

  • New Hacker Forum Takes Pro-Ukraine Stance
    by Elizabeth Montalbano on August 11, 2022 at 3:14 pm

    A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus

  • Security Update Guide Notification System News: Create your profile now
    by msrc on August 9, 2022 at 5:20 pm

    Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product security content using any email address, not just … Security Update Guide Notification System News: Create your profile now Read More »

  • Congratulations to the MSRC 2022 Most Valuable Researchers!
    by msrc on August 8, 2022 at 5:30 pm

    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.  Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report. Congratulations … Congratulations to the MSRC 2022 Most Valuable Researchers! Read More »

  • IT security: An opportunity to raise corporate governance scores
    by Christine Barrett on August 8, 2022 at 4:00 pm

    Corporate Governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. Governance frameworks now incorporate aspects of IT security. Communicating the security message in ways that impact a company’s governance score is important to getting attention and investment from corporate leadership. This post examines a leading governance framework from Institutional Shareholder Services, Governance QualityScore, and the specifics of how IT security can increase a company’s score. The post IT security: An opportunity to raise corporate governance scores appeared first on Microsoft Security Blog.

  • Microsoft Office to publish symbols starting August 2022
    by msrc on August 8, 2022 at 9:30 am

    We are excited to announce that Microsoft Office will begin publishing Office symbols for Windows via the Microsoft Public Symbol Server on August 9th 2022. The publication of Office symbols is a part of our continuing investment to improve security and performance for customers and partners. Key Advantages for customers, partners, and Microsoft Security: Empowering … Microsoft Office to publish symbols starting August 2022 Read More »

  • How IT and security teams can work together to improve endpoint security
    by Christine Barrett on August 4, 2022 at 4:00 pm

    The threat landscape has changed over the last few years. A mitigation strategy involves collaboration between the security operations and IT infrastructure teams. There are three best practices to enable collaboration, highlighting the role of endpoint management in helping organizations unify their efforts in this blog. The post How IT and security teams can work together to improve endpoint security appeared first on Microsoft Security Blog.

  • Microsoft Defender Experts for Hunting proactively hunts threats
    by Christine Barrett on August 3, 2022 at 4:00 pm

    Microsoft Defender Experts for Hunting is now generally available. The security offering provides a proactive hunting service combining expert-trained technology with human-led services to hunt for threats across Microsoft 365 data. The post Microsoft Defender Experts for Hunting proactively hunts threats appeared first on Microsoft Security Blog.

  • Microsoft announces new solutions for threat intelligence and attack surface management
    by Christine Barrett on August 2, 2022 at 1:00 pm

    Defenders are up against the most sophisticated threat landscape we’ve ever seen. Today, we’re proud to execute our threat intelligence vision behind that acquisition and announce several new solutions to help security teams get ahead of adversaries and catch what others miss. The post Microsoft announces new solutions for threat intelligence and attack surface management appeared first on Microsoft Security Blog.

  • Anatomy of a Cloud-Service Security Update
    by Aanchal Gupta on July 28, 2022 at 5:00 pm

    Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes into these updates in The Anatomy of a Security update.  Cloud … Anatomy of a Cloud-Service Security Update Read More »

  • Industrial systems: What it takes to secure and staff them
    by Christine Barrett on July 28, 2022 at 4:00 pm

    Chief Executive Officer and owner of Ampere Industrial Security Patrick C. Miller discusses the security and hiring challenges of protecting industrial systems. The post Industrial systems: What it takes to secure and staff them appeared first on Microsoft Security Blog.

  • Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
    by Microsoft 365 Defender Threat Intelligence Team on July 27, 2022 at 2:00 pm

    MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers. The post Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits appeared first on Microsoft Security Blog.

  • Malicious IIS extensions quietly open persistent backdoors into servers
    by Katie McCafferty on July 26, 2022 at 5:00 pm

    Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks. The post Malicious IIS extensions quietly open persistent backdoors into servers appeared first on Microsoft Security Blog.

  • Pharrell Williams and Cisco Partner to Drive an Inclusive Future in Education
    by Francine Katsoudas on July 21, 2022 at 4:00 pm

    Cisco expands its partnership with Pharrell Williams’ nonprofit YELLOW to create a highly personalized and immersive education experience through YELLOWHAB. This is one more step in our mission to drive an inclusive future, demonstrating our commitment to both education and social justice.

  • Taking Action to Create Equal Opportunities for Diverse Startup Founders and Venture Leaders
    by Derek Idemoto on July 20, 2022 at 1:00 pm

    Join Cisco at the Magnetic Aspire Summit, where industry visionaries discuss their personal journeys and the challenges they faced in their technology startups and in the venture capital ecosystem. They will uncover actions we can take to help level the playing field in venture capital and across the technology industry.

  • Congratulations to the Top MSRC 2022 Q2 Security Researchers!
    by msrc on July 19, 2022 at 4:15 pm

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q2 Security Researcher Leaderboard are: Yuki Chen, Zhiyi Zhang, and William Söderberg! Check out the full list of researchers recognized … Congratulations to the Top MSRC 2022 Q2 Security Researchers! Read More »

  • Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability
    by msrc on July 18, 2022 at 1:40 pm

    Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this vulnerability, we released a new General Availability (GA) version of the Azure Storage SDK client-side encryption feature (v2) on July 12, 2022. Microsoft … Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability Read More »

  • All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity
    by Abhilasha Bhargav-Spantzel on July 13, 2022 at 2:35 pm

    The morning of June 9th, I was driving over the Golden Gate Bridge into San Francisco with my family. While crossing the bridge my children shared some facts about this modern engineering marvel. Each day, approx. 100,000 vehicles travel over the bridge deck, which weighs a staggering 150,000 tons, and is suspended by 250 pairs … All Hands-on Deck: A Whole-of-Society Approach for Cybersecurity Read More »

  • Microsoft Mitigates Azure Site Recovery Vulnerabilities
    by msrc on July 12, 2022 at 5:49 pm

    Summary: Microsoft recently mitigated a set of vulnerabilities in Azure Site Recovery (ASR) and released fixes today, July 12, as part of our regular Update Tuesday cycle. These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in the latest ASR 9.49 release. We recommend customers update to the … Microsoft Mitigates Azure Site Recovery Vulnerabilities Read More »

  • Service Fabric Privilege Escalation from Containerized Workloads on Linux
    by msrc on June 28, 2022 at 11:35 pm

    Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster. Though the bug exists on … Service Fabric Privilege Escalation from Containerized Workloads on Linux Read More »

  • Cisco’s API-First Motion is Driving Innovation at Scale
    by Liz Centoni on June 15, 2022 at 3:50 pm

    Free-tier developer solutions Panoptica and Calisti continue Cisco’s strategy to connect, secure, and observe modern applications.

  • Cloud-Native Observability in the Experience Economy
    by Liz Centoni on June 14, 2022 at 5:20 pm

    Cisco Launches AppDynamics Cloud to enable the delivery of exceptional digital experiences. Application performance, security, and trust are at the center of it all.

  • Empowering Our Customers to Thrive in an Internet-centric World
    by Mohit Lad on June 14, 2022 at 3:30 pm

    Announcing ThousandEyes WAN Insights – a pivotal step toward delivering on the Cisco Predictive Networks vision, starting with customers’ SD-WAN environment. Co-founder and GM Mohit Lad shares his thoughts on this milestone.

  • Smarter, Simpler Experiences with Cisco Networking
    by Chris Stori on June 14, 2022 at 3:30 pm

    Cisco’s platform strategy for cloud and on-premises management helps unify IT teams across networking, security, cloud infrastructure, and applications to deliver an optimized experience for customers and employees.

  • Introducing Nexus Cloud, Agility of Cloud, Power of Nexus
    by Ish Limkakeng on June 14, 2022 at 3:30 pm

    Introducing Nexus Cloud: the easiest way to deploy, manage and operate your cloud network. Nexus Cloud is all about simplicity, providing end-to-end visibility—from endpoint to site and back again.

  • A Year in Review: Our Investment in Historically Black Colleges & Universities (HBCUs) 
    by Maria Martinez on June 2, 2022 at 12:00 pm

    Cisco’s intention to make a lasting impact for HBCUs and their students for generations to come is off to a heartening start. Today share our year one progress in four focus areas.

  • How to make hybrid work, work
    by Jacqui Guichelaar on May 17, 2022 at 6:00 pm

    Hybrid work is nothing new. We’re evolving how we approach it and learning more about what it takes to make hybrid work, work.