Critical VMware vCenter Server Vulnerability Requires Patching

VMware vCenter Server vulnerability requires patching, VMware tells partners and customers that run the virtualization software.

Google Fixes Two G Suite Enterprise Password Issues

Google discloses & fixes two G Suite enterprise account password issues. Here’s the info for MSPs that manage G Suite accounts.

Microsoft Tells Partners: Patch Windows Remote Code Execution Vulnerability

Microsoft urges MSSPs & MSPs to patch Remote Code Execution vulnerability called CVE-2019-0708. Unpatched customers risk suffering a WannaCry-type attack.

Intel MDS ‘ZombieLoad’ Vulnerability: Software Patch List for MSSPs

MSSPs can find Intel MDS (Zombieload) software patches from Amazon AWS, Apple, Google & Microsoft listed here. Plus, SonicWall CEO describes MDS security risks & solutions.

Broadcom WiFi Chipset Driver Vulnerabilities: CERT Warning

Multiple Broadcom WiFi chipset vulnerabilities could be exploited by a remote attacker to control an affected system, the U.S. Computer Emergency Readiness Team (CERT) warns.

DHS Warning: runc Container Vulnerability Threatens Docker, Kubernetes

How to patch the runc Container Vulnerability (CVE-2019-5736) that impacts Docker & Kubernetes. Department of Homeland Security (DHS), Red Hat & Amazon Web Services (AWS) instructions.

BleedingBit Vulnerability Threatens WiFi Network Access Points

Two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) and used in millions of WiFi access points sold by Aruba, Cisco and Meraki could be exploited by an attacker to break into enterprise networks undetected, researchers said.

Outsourced Business Functions: Should You Trust that Third-Party?

Information security organizations must evolve to support outsourced business services and partner ecosystems — which increase the probability of a breach. Optiv Security explains the modern-day risks and mitigation strategies.

DROWN Vulnerability: Siemens Patches Protect Dams, Chemical Plants From Potential Attacks

Siemens patches the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) vulnerability, protecting dams & transportation systems from security hole.