You may have heard of unicorns, but have you heard of unikernels? IncludeOS is a compact tailored operating system, developed in Norway and tested in one of Basefarm’s Data centers for over a year.
For the past months everyone has been focusing on the GDPR deadline the 25th of May . In the meantime the passing of another important new privacy and security legislation, with big implications for European businesses using cloud services from US tech giants, went almost totally unnoticed.
The Microsoft Cloud Solution Provider (CSP) program enables partners to directly work with and manage the customers lifecycle. The CSP can directly provision, manage and support customers subscriptions. Basefarm is Tier 1 CSP Partner, meaning that we work directly with Microsoft and not through a CSP Distributor. A Tier 1 CSP needs to prove themselves with capabilities like handling support and cloud expertise.
New Vulnerability Found in All Modern Intel CPUs
Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution technology. Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw.
Unlike other chip vulnerabilities, this one does not reside in the hardware layer, so this can be fixed by new microcode from Intel. As always, keep your software up to date.
Top 5 Security links
Startup Working on Contentious Pentagon AI Project Was Hacked
Tens of Thousands of Android Devices Are Exposing Their Debug Port
Citation needed: Europe claims Kaspersky wares ‘confirmed as malicious’
Feds Bust Dozens of Email Scammers, but Your Inbox Still Isn’t Safe
What got breached this week? Ticket portals, DNA sites, and Atlanta’s police cameras
Statistical models are driving today’s wave of artificial intelligence. But this second AI wave creates its own decision models which are pretty much black boxes. So, what’s up for the third wave? Transparent tools for solving real world problems.
Big data swamp? That is what you get, unless you work structured, collect the right metadata and prepare documentation (yes) for your big data lakes.
“We prefer data analytic platform to data lakes. The data analytic platform is your one point of data for all different data sources in your company,” says Ingo Steins, deputy director of operations in The Unbelievable Machine Company (*UM), a part of the Basefarm Group.
Machine learning and Artificial intelligence (AI) helps marketers to better understand customers and improve customer experiences. Machine learning and AI can be used in marketing i.e. for customer predictive analysis and to design customer journeys more individually and targeted, that to increase ROI on each individual customer contact (to target market initiatives better for individual customers.)
With a clear vision for their digital residents, Stockholm suburb, Nacka, has chosen several operating partners to enable future growth.
Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip
Zip Slip is exploited using a specially crafted archive that holds directory traversal filenames (e.g.
../../evil.sh). The vulnerability can affect numerous archive formats, including
Top 5 Security links
Another flash update
Shipping industry cybersecurity: A shipwreck waiting to happen
Widespread Google groups misconfiguration exposes sensitive information
Destructive and MiTM capabilities of VPNFilter Malware revealed
When cybercriminals are rubbish at cybersecurity
BUG in GIT opens developers systems up to attack.
Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository.
Developers behind the open-source development Git tool pushed out Git 2.17.1, addressing two bugs (CVE-2018-11233 and CVE-2018-11235).
“These are tricky vulnerabilities that will require the Git hosting services to patch, but also individual developers who are using the tool,” said Tim Jarrett, senior director of security, Veracode.
Of the two vulnerabilities, CVE-2018-11235 is the most worrisome, researchers said.
The vulnerability is described as a submodule configuration flaw that surfaces when the Git submodule configuration is cloned. Git provides developers with post-checkout hooks, which are executed within the context of the project. Those hooks can be defined within the submodules, and submodules can be malicious and directed to execute code.
“The software does not properly validate submodule ‘names’ supplied via the untrusted .gitmodules file when appending them to the ‘$GIT_DIR/modules’ directory. A remote repository can return specially crafted data to create or overwrite files on the target user’s system when the repository is cloned, causing arbitrary code to be executed on the target user’s system,” according to a SecurityTracker description of the flaw.
Top 5 Security links
European Commission “doesn’t plan to comply with GDPR” – well, sort of
PCI Security Standards Council publishes PCI DSS 3.2.1
Google patches 34 browser bugs in chrome67, adds spectre fixes
How to turn PGP back on as safely as possible
Research shows 75% of ‘open’ Redis servers infected