Serverless at the Edge: Enabling Magical Unicorns

Before we dive straight into the magical unicorn from heaven that is serverless computing embedded within the CDN edge a direct customer quote that I want on a team T-shirt soon, let's first level-set on some basic concepts of computing. In the context of web experiences, IoT device messaging, an...

CVE-2020-24625

Unathenticated directory traversal in the ReceiverServlet class doGet method can lead to arbitrary file reads in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

CVE-2020-24625

Unathenticated directory traversal in the ReceiverServlet class doGet method can lead to arbitrary file reads in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

Directory traversal

Unathenticated directory traversal in the ReceiverServlet class doGet method can lead to arbitrary file reads in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

CVE-2020-24626

Unathenticated directory traversal in the ReceiverServlet class doPost method can lead to arbitrary remote code execution in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

CVE-2020-24625

Summary: CVE-2020-24625 is an unauthenticated directory traversal vulnerability in the ReceiverServlet doGet() of Hewlett Packard Enterprise Pay per Use (PPU) Utility Computing Service (UCS) Meter, up to version 1.9 (vulnerability exists prior to 1.9). The root cause is lack of proper validation ...

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security MOIS for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors...

Rethinking Defensive Strategy at the Edge, Part 1: A Changing Landscape for Securing Users

In recent years, new enterprise remote access architectures and frameworks have been introduced, such as Zero Trust Access ZTA. Those concepts have driven changes in the way the network perimeter has been defined -- specifically, from the outside in, not the inside out. Access to applications and...

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

DEBIAN-CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

Design/Logic Flaw

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

CVE-2020-15168

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...

CVE-2020-15168

CVE-2020-15168 affects node-fetch: the size option is not honored after redirects, so large content may bypass size checks and trigger DoS risk if data is not size-checked post-fetch. Affects node-fetch before 2.6.1 and 3.0.0-beta.9; upgrade to 2.6.1 or 3.0.0-beta.9 (or later) to remediate. The c...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Top Security and Data Privacy Regulations for Financial Services

Regulatory compliance has become an increasingly more important part of the financial services industry in recent years. And it’s a trend that’s likely to continue due to the upsurge in cloud computing, the use of mobile applications, and a shift to IoT devices, all of which are driving exponenti...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...