Microsoft releases patch to fix security flaw in Windows DNS server

Microsoft | July 15, 2020

Researchers at Check Point, a cyber security firm, had identified a security flaw in Windows DNS, services provided by Microsoft for every Windows operating system, which could have allowed hackers to gain domain administrator rights over servers and take control over an organisation's IT infrastructure.

Spotlight

Hear from industry experts and recent survey results to learn why the right IT automation solution can unify teams and processes across an organization. Learn about the benefits of extending automation with Red Hat®Ansible®Automation Platform or migrating from an earlier version to the latest offering.

Spotlight

Hear from industry experts and recent survey results to learn why the right IT automation solution can unify teams and processes across an organization. Learn about the benefits of extending automation with Red Hat®Ansible®Automation Platform or migrating from an earlier version to the latest offering.

Related News

Hyper-Converged Infrastructure, Windows Systems and Network

Rambus Delivers Quantum Safe IP Solutions with Next-Generation Root of Trust for Data Center Security

businesswire | July 13, 2023

Rambus Inc. a premier chip and silicon IP provider making data faster and safer, today announced the first in a family of Quantum Safe security IP products with its next-generation Root of Trust for data center and communications security. Quantum computers will be able to rapidly break current asymmetric encryption, placing important data and assets at risk. The Rambus Root of Trust IP offers customers a complete Post Quantum Cryptography (PQC) hardware security solution that protects valuable data center and AI/ML assets and systems. “To ensure today’s data remains protected into the future, we must implement now security solutions that safeguard against quantum attacks,” said Neeraj Paliwal, general manager of Security IP at Rambus. “This new generation of the Rambus Root of Trust is a flagship product in our Quantum Safe IP portfolio that offers customers complete security solutions for the data center and advanced workloads like generative AI.” “Since 2016, NIST has done pioneering efforts to identify post-quantum cryptographic algorithms which will be better suited for protecting critical government and public infrastructure from entities looking to steal data now to decrypt later using quantum computing,” said Heather West, PhD, research manager of Quantum Computing Research at IDC. “Now that NIST has announced its first four post-quantum computing recommendations, it is important that system designers begin implementing quantum-resistant cryptography to ensure that data and hardware remain secure in the quantum computing era.” Rambus Root of Trust IP with Quantum Safe Cryptography uses the quantum-compute resistant cryptographic algorithms selected by the National Institute of Standards and Technology (NIST): CRYSTALS-Kyber for key-encapsulation and CRYSTALS-Dilithium for digital signatures. In addition, Rambus Root of Trust IP supports the Commercial National Security Algorithm Suite (CNSA) algorithms for software and firmware updates including XMSS/LMS stateful hash firmware signatures, CNSA symmetric-key algorithms, and CNSA quantum-resistant public-key algorithms. About Rambus Inc. Rambus is a provider of industry-leading chips and silicon IP making data faster and safer. With over 30 years of advanced semiconductor experience, we are a pioneer in high-performance memory subsystems that solve the bottleneck between memory and processing for data-intensive systems. Whether in the cloud, at the edge or in your hand, real-time and immersive applications depend on data throughput and integrity. Rambus products and innovations deliver the increased bandwidth, capacity and security required to meet the world’s data needs and drive ever-greater end-user experiences.

Read More

Application Infrastructure, Windows Server OS

Palisade Infrastructure Announces Transaction with Consolidated Communications

businesswire | August 07, 2023

Palisade Infrastructure (“Palisade”) and Consolidated Communications, Inc. (“Consolidated”) have entered into an agreement whereby Palisade, on behalf of its managed funds, will acquire Consolidated’s assets in Washington state. The transaction includes Consolidated’s incumbent networks in Ellensburg and Yelm comprising a mixture of fiber-to-the-home and DSL technologies. Palisade intends to accelerate the build out of the fiber network in these markets, providing high speed, low latency connectivity to households and businesses. This is Palisade’s second broadband investment in Washington State following the announcement of the transaction to acquire Rainier Connect in December 2022. Palisade aims to develop a regional platform for fiber and high-speed broadband connectivity by investing in these markets to benefit all stakeholders including employees, customers and communities. Mike Reynolds, managing director at Palisade Infrastructure said, “We are excited to expand our fiber broadband platform in Washington State, in attractive markets that are in proximity to the Rainier Connect network. We look forward to continuing to grow the platform in the future.” This represents Palisade’s fourth transaction in North America and follows the closing of its investment in the PureSky Energy community solar platform in June 2023. Palisade is planning to launch a new fund focused on investing in digital connectivity and the energy transition later this year. Houlihan Lokey served as exclusive financial advisor and Morgan, Lewis & Bockius LLP served as legal counsel to Palisade. Lazard served as the exclusive financial advisor to Consolidated Communications on the transaction. The transaction remains subject to federal, state and local regulatory approvals and customary closing conditions. About Palisade Infrastructure Palisade Infrastructure forms part of the Palisade Group, a global independent, specialist infrastructure and real assets manager. Palisade Group has 30 active investments in its portfolio covering a broad range of sectors. Palisade Infrastructure’s North American capability focuses on the energy transition, digitization and transport infrastructure sectors. Palisade Infrastructure has a partnership-focused approach with a long-term investment horizon. For more information visit palisadegroup.com. About Consolidated Communications Consolidated Communications Holdings, Inc. (Nasdaq: CNSL) is dedicated to moving people, businesses and communities forward by delivering the most reliable fiber communications solutions. Consumers, businesses and wireless and wireline carriers depend on Consolidated for a wide range of high-speed internet, data, phone, security, cloud and wholesale carrier solutions. With a network spanning more than 57,500 fiber route miles, Consolidated is a top 10 U.S. fiber provider, turning technology into solutions that are backed by exceptional customer support.

Read More

Hyper-Converged Infrastructure, Data Storage

Ermetic Releases CNAPPgoat Open Source Project for Assessing Multi Cloud Security

businesswire | August 03, 2023

Ermetic, a leading cloud infrastructure security company, today announced CNAPPgoat, an open source project that allows organizations to safely test their cloud security skills, processes, tools and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms (CNAPP). The CNAPPgoat project will be officially presented at DEF CON Demo Labs in Las Vegas on Friday, August 11 from 12:00pm-1:55pm by Noam Dahan, Research Lead and Igal Gofman, Head of Research for Ermetic. On Wednesday, August 16 at 10am PST/1pm EST, Ermetic will present a webinar on using CNAPPgoat, to register visit thislink. Unlike projects that illustrate possible attack paths, CNAPPgoat provides a large and expanding library of scenarios that security teams can execute to create a customized cloud environment for simulating unsecured and vulnerable assets and validating their defenses. The ability to easily provision a vulnerable environment with a broad range of risk scenarios provides the following benefits: Create a sandbox for testing an organization’s security posture by assessing security team capabilities, procedures and protocols Use vulnerable environments for hands-on workshops to train team members on new skills and techniques Provision a “shooting range” for pentesters to test their skills at exploiting the scenarios and developing relevant capabilities Benchmark CNAPP tools against known environments to evaluate their capabilities “Compared to existing open-source projects that create ‘capture the flag’ scenarios where participants are expected to follow a certain path, CNAPPgoat spans the leading cloud provider platforms and CNAPP capabilities while providing a modular and granular approach for provisioning specific categories of risks and vulnerabilities,” said Igal Gofman, Director of Research for Ermetic. “This breadth and depth allows pentesters and defenders to precisely isolate the elements they want to explore for training, new skills acquisition, prevention and security posture assessments,” added Noam Dahan, Research Lead. CNAPPgoat enables security teams, trainers and pentesters to provision and run vulnerable scenarios from the following modules that make up the CNAPP specification defined byGartner: Cloud Infrastructure Entitlement Management (CIEM) - covers risks associated with identities and entitlements, such as the unintended ability of an identity to escalate its privileges Cloud Workload Protection Platform (CWPP) - includes the exposure of workloads to vulnerabilities such as running vulnerable/end of life software or OS versions Cloud Security Posture Management (CSPM) - spans the misconfiguration of cloud infrastructure components, such as publicly exposed storage resources Infrastructure as Code (IaC) scanning - will be added soon for finding misconfigurations directly in the code CNAPPgoat is an open community initiative designed to be used by anyone for commercial, technical and educational purposes. See today’sblogfor implementation details. Additional artifacts including deeper technical dives and guides will be released soon. Contributions are encouraged including new scenarios, scenario proposals, issues, suggestions, feature requests or simply sharing feedback. To learn more and access CNAPPgoat visit thislink. About Ermetic Ermetic reveals and prioritizes security gaps in AWS, Azure and GCP and enables organizations to remediate them immediately. The Ermetic cloud native application protection platform (CNAPP) uses an identity-first approach to unify and automate cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection and Kubernetes security posture management (KSPM). It unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with pinpoint visualization and step-by-step guidance. The company is one of America’s Best Startup Employers according toForbesand led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra Capital and Target Global.

Read More