First Officer’s log, Terrestrial date, 20220829. Officer of the Deck reporting.
The ship’s new communications interface has come online, thanks to the dedication of crew members in multiple departments. With our mission to help worlds across the Federation, and beyond, use their own integrated defenses to stay secure, we are hoping the new interface will enhance the program.
Communication is really at the heart of our mission. Specifically, enabling communication between the components of a planetary defense system. It amazes me at times how difficult it can be, though I do empathize. It’s like listening to the engineering and astrogation crews talking about their respective concerns. They really do seem to speak a different language. At least when they’re not all discussing the quality of the food replicators.
But that’s where we come in.
Finding a common language.
Supporting the mission.
The newest VMware vulnerability
VMWare has announced a vulnerability in VMWare Tools on Windows and Linux systems that could allow a local user to escalate their privileges to root level on the virtual machine. They’re tracking it as CVE-2022-31676 with a CVSS risk score of 7.0.
Why it matters
It’s unclear from the release whether local in this context means “logged into a user account from the VMWare virtual console” or whether it applies to any normal user with console access, which could be RDP, SSH, or VNC to the virtual machine depending on context. The fact is with virtual machines running on VMWare servers, local in the machine context is remote in the physical world.
Patches are available from VMWare, but vulnerabilities like this are a reminder that it’s still a best practice to restrict system access to the people that need it.
What they said
There’s nothing virtual about the attention this is getting. Read more.
Going after the learning machines
A new project to address threats to machine learning (ML) and artificial intelligence (AI) systems, known as the Synaptic Adversarial Intelligence team, has been announced by specialist vendor HiddenLayer.
Why it matters
Artificial Intelligence in its many forms is ubiquitous. We see it everywhere from our own security solutions to the movie and music recommendations we get every day. Unfortunately, there hasn’t been a lot of focus on defending the algorithms themselves. Since there are known attacks against the data, and we have seen threat actors manipulate results, adding defenses to that layer is welcome.
Given that Vulcan Cyber’s Risk Management platform can ingest data from virtually any source through ConnectX, Vulcan Cyber users will be able to add this information as well.
What they said
This one’s getting a lot of (human) coverage. Check it out.
Want to get ahead of the stories? Join the conversations as they happen with the Vulcan Cyber community Slack channel