Setting Sail with Docker

Credit to Author: Justin Foster| Date: Tue, 18 Apr 2017 12:00:18 +0000

This week thousands of people are heading to Austin, Texas for DockerCon 2017. Docker’s popularity has been explosive, with thousands of organizations using its platform to modernize applications, build microservices, optimize infrastructure and embrace a true DevOps practice. Like any transformation, moving to Docker is a journey for an organization. In preparation for sailing on…

Critical Xen hypervisor flaw endangers virtualized environments

Credit to Author: Lucian Constantin| Date: Wed, 05 Apr 2017 10:59:00 -0700

A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system’s entire memory.

This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers’ virtualized servers share the same underlying hardware.

The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies, as well as by security-oriented operating systems like Qubes OS.

The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.

VMware patches critical virtual machine escape flaws

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 03:53:00 -0700

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Explained: Packer, Crypter, and Protector

Credit to Author: Pieter Arntz| Date: Mon, 27 Mar 2017 15:00:38 +0000

In this article we will try to explain the terms packer, crypter, and protector in the context of how they are used in malware.

The post Explained: Packer, Crypter, and Protector appeared first on Malwarebytes Labs.
