OpenTelemetry is one of the most fascinating and ambitious open source projects of this era. It’s currently the second most active project in the CNCF (the Cloud Native Computing Foundation), with only Kubernetes being more active.I was at KubeCon Europe last month, delivering a talk on OpenTelemetry and it was amazing to see the full house and the excitement and interest … [Read more...] about OpenTelemetry Roadmap and Latest Updates
Updates
March 2022 Patch Tuesday: Updates and Analysis
Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulnerabilities remains low; however, the total number of updates is nearly double what was offered in February 2022. As vulnerabilities and patches continue to be released, and as … [Read more...] about March 2022 Patch Tuesday: Updates and Analysis
February 2022 Patch Tuesday: Updates and Analysis
Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vulnerability in the Windows Kernel, should be closely monitored as the situation continues to unfold. Separate from the patches offered this month, Microsoft has strongly suggested an … [Read more...] about February 2022 Patch Tuesday: Updates and Analysis
January 2022 Patch Tuesday: Updates and Analysis
Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this month’s updates we see the lion’s share of updates directed at Microsoft’s Windows and Extended Security Update (ESU) products, while other patches target lesser-known components … [Read more...] about January 2022 Patch Tuesday: Updates and Analysis
December 2021 Patch Tuesday: Updates and Analysis
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs … [Read more...] about December 2021 Patch Tuesday: Updates and Analysis
November 2021 Patch Tuesday: Updates and Analysis
As the year draws to a close, the active exploitation of Microsoft vulnerabilities continues unabated. Once again, a broad range of Microsoft products are included in this month’s Patch Tuesday update as the aging Microsoft ship is springing security leaks everywhere. Two vulnerabilities, CVE-2021-42292 and CVE-2021-42321, have seen in-the-wild exploitation, and four other … [Read more...] about November 2021 Patch Tuesday: Updates and Analysis
Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability
Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.' The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that … [Read more...] about Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability
Cisco Secure Firewall: Sometimes, updates are great news
I distinctly remember my desktop and mobile updates that slowed my systems to a crawl. The fine print often says something like, “May not run optimally on lower-end hardware.” Which is a pity, when a treasured custom-built system can no longer supported the latest updates, compromising its security, or a smart phone dialer needs 5 seconds to open for a phone call. But … [Read more...] about Cisco Secure Firewall: Sometimes, updates are great news
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that … [Read more...] about GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
Tetration Updates – New capabilities for microsegmentation and workload security
Cisco Tetration release 3.4 expands support for micro-segmentation, workload and container security Cisco Tetration, a leader in micro-segmentation and workload security, announces significant new enhancements, available now, that help security architects achieve the protection required for today’s heterogeneous multicloud environments. One of the key challenge’s businesses … [Read more...] about Tetration Updates – New capabilities for microsegmentation and workload security