Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.10 bug fix update

Red Hat OpenShift Container Platform release 3.10.127 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

DEBIAN-CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check...

8 Tips and Best Practices to Build a Solid Cloud Migration Strategy for 2019

Here are eight fool-proof practices that can help you move your workloads to the cloud. A quick look at cloud migration. Cloud migration involves moving an organization’s data storage and IT operations to a cloud network. Cloud computing services are hosted in a multi-tenant environment and can b...

Hard Times for Cryptojacking

By David Balaban What is Cryptojacking? It is an attack in which hackers secretly utilize the computing power of your device to mine cryptocurrency - The cybercrime climate is flexible enough to quickly adapt to new circumstances and trends. The fact that cryptocurrency markets skyrocketed in the...

CVE-2019-9946

Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...

CVE-2019-9946

Summary: CVE-2019-9946 affects Cloud Native Computing Foundation (CNCF) CNI 0.7.4 used with Kubernetes. The portmap plugin in CNI inserts rules at the front of the iptables nat chains, giving them precedence over the KUBE-SERVICES chain. This could cause HostPort/portmap rules to match traffic ev...

CVE-2019-9946

Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...

Monero: Computing hash of crafted block leads to crash in tree_hash()

I'm not sure how to test this against against an actual Monero instance, so I'm instead showing an isolated PoC: c include int mainvoid cryptonote::block b = AUTOVALINITb; for sizet i = 0; i baoss; std::string s; if ::serialization::serializeba, b == true s = oss.str; else return 0; / Uncomment t...

Why DevOps is Becoming More Like DevSecOps

Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...

AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF

With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS...

CVE-2019-1616

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An...

UltraVNC Code Execution Vulnerability

UltraVNC is an open source remote terminal control software for the Windows platform. A security vulnerability exists in the VNC server code in UltraVNC version 1211. An attacker could exploit the vulnerability to execute code...

CVE-2019-8273

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212...

CVE-2019-8272

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212...

CVE-2019-8265

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in...

UltraVNC Buffer Overflow Vulnerability

UltraVNC is an open source remote terminal control software for the Windows platform. A buffer overflow vulnerability exists in the VNC client code in UltraVNC version 1198. An attacker could exploit this vulnerability to execute code...

CVE-2018-15361

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...

Hackers Can Slip Invisible Malware into 'Bare Metal' Cloud Computers

Researchers point a tough-to-fix in some cloud computing setups: hackable firmware...

Important: Red Hat Security Advisory: OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 security update

An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Low: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 images update

Red Hat OpenShift Container Platform release 3.11.82 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...