Updates on technologies, trends, and tools
VMware Patches Critical Vulnerabilities
VMware has patched (https://nakedsecurity.sophos.com/2019/04/02/vmware-patches-pwn2own-flaws/) five critical vulnerabilities in its products. The affected products/families include vSphere ESX-i, VMware Workstation Pro/Player, and VMware Fusion Pro/Fusion.
A team of hackers called Fluoroacetate demonstrated exploitation of two flaws at the CanSecWest cybersecurity conference, which took place in Canada.
These two flaws exploited out-of-bounds read/write vulnerability and a time-of-check/time-of-use (TOCTOU) vulnerability in the virtual universal host controller interface used by ESXi, Workstation, and Fusion.
"An attacker must have access to a virtual machine with a virtual USB controller present, the advisory said, adding that it could allow a guest VM to execute code on the host system," said VMware in a security advisory. The good news is that an attacker needs access to a virtual machine with a virtual USB controller present to execute code on the host system.
Two other issues allow code execution on the host from a guest. The fifth vulnerability, which affects the Fusion product, allows an unauthenticated application programming interface (API) access to an application menu through a web socket.
If you use any of these VMware products, please update them now.
More Online
Linux Magazine
Linux Administration Focus
http://www.linux-magazine.com/tags/view/administration
Network Sleuth * Ken Hess
When it comes to network recon, arp-scan allows you to collect device intel quickly and stealthily.
The Eye of Sauron * Mayank Sharma
Use Zabbix to keep tabs on all your machines across the network.
ADMIN HPC
http://www.admin-magazine.com/HPC/
OpenMP * Jeff Layton
The HPC world is racing toward Exascale, resulting in systems with a very large number of cores and accelerators.
Porting Code to OpenACC * Jeff Layton
In previous articles, I talked about how OpenACC can help you parallelize your code and gave a few simple examples of how to use OpenACC directives, but I didn't discuss how to go about porting your code.
ADMIN Online
http://www.admin-magazine.com/
Web Perfect * Andreas Möller
Web Components let you define your own HTML tags to restructure monolithic web pages into smaller services and simplify maintenance and servicing.
Mesh Design * Abe Sharp
Enable free service mesh functionality on your Kubernetes microservice apps with Istio.
Cloud Creator * Grzegorz Juszczak
Today's OpenStack has become a mature product with automated asset configuration tools, including cloud-init, a powerful script that saves time by automatically configuring a large number of virtual servers in the cloud.
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)