Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability CVE-2021-22101.
Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.
Security researchers at Intezer Labs detected a new Linux malware dubbed “Doki” and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.
VMware issued a security advisory for ten vulnerabilities that impact VMware ESXi, Workstation, Fusion and Cloud Foundation products. An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company’s online meetings.