The container files containing the most vulnerabilities were typically the oldest files and “appear to be abandoned or are otherwise EOL’ed (end of life)," explained Kenna's Jerry Gamblin.

The China-based vendor is still likely to face U.S. opposition over its involvement in 5G networks.

The bugs could allow attackers to take over affected devices, but Cisco says it’s “not aware of any malicious use” of either of the two vulnerabilities.

The updates support automated container security deployments that NeuVector CTO Gary Duan described as a “policy-as-a-code concept.”

Joel Smith, who works with the Kubernetes Product Security Committee, described the latest bug as “high severity."

The latest update comes on the heels of Aqua's rival Twistlock being acquired by Palo Alto Networks for $410 million.

It’s based on technology that VMware acquired when it bought public cloud security startup CloudCoreo last year.

The latest flaw allows a witty attacker to target API endpoints behind the docker cp command that would allow them to read and write data on a host machine.

“If I have a threat space that is bounded and measurable, why wouldn’t you go whole hog after it? That is precisely what zero trust and microsegmentation does,” says

China is not implicitly named in the 545-word executive order, but the action is clearly directed at Chinese-based vendors Huawei and ZTE.

Like the earlier Meltdown, Spectre, and Foreshadow processor flaws, the newly discovered ZombieLoad is a side channel attack that allows hackers to steal sensitive data and keys.

Red Balloon Security disclosed two vulnerabilities in “tens of millions” of Cisco enterprise routers, switches, and firewalls that could allow hackers to remotely attack corporate networks, steal data, and

“We are dancing again. You have seen our young management in development. I hope in the next six years in moving to the cloud that only a few customers

SAP said it has now rolled out 10 new products that combine its operational data (O-data) with experience data (X-data) gleaned from Qualtrics.

Cisco previously disclosed 42 advisories in April including critical security alerts for operating systems, routers, and LAN software.

The British government has stopped short of banning Huawei but wants to exclude the vendor from sensitive parts of the network.

One of the critical vulnerabilities has been exploited in the wild. It’s part of a DNS hijacking campaign dubbed “Sea Turtle” that Cisco Talos researchers disclosed earlier this week.

The products insecurely store authentication and/or session cookies, giving hackers access to a company’s virtual private network.

The offering leverages its existing cloud IP suite of services — including routing, SD-WAN, and security — while reducing the complexity and cost of legacy networks.

The company issued patches for vulnerabilities found in vCloudDirector for service providers as well as VMware EXSi, Workstation, and Fusion.

U.K. authorities have “limited confidence in Huawei’s ability to understand the content of any given build or in their ability to perform true root cause analysis of identified issues.”

If compromised, the flaw could allow an attacker to write files to any path on the user’s machine.

The vulnerability could allow a remote attacker to execute arbitrary commands on the underlying Linux shell as root.

The Kubernetes community does not view security as something tied to specific updates and instead is “something to be continually evaluated and improved.”