On March 29th, Andres Freund, a Postgres developer, working at Microsoft, identified a response time while authenticating to openSSH on a Debian Sid installation that was about 500 ms longer as usual. He investigated the behaviour and concluded that liblzma, part of the xz library, was compromised by a complex backdoor injected into distribution packages […]
Backdoor in xz/liblzma (CVE-2024-3094) Read More »
As a global player and the leading European cloud provider, we have witnessed first-hand the challenges and opportunities that the digital transformation brings to our continent. In this post, we would like to share our vision of how data sovereignty and trusted cloud help customers and partners. But also all private and public organizations to
Why Data Sovereignty and Trusted Cloud is critical for the future of your business Read More »
On July 24th 2023, AMD has issued a security bulletin disclosing a vulnerability in its Zen2 computer processor microarchitecture. Named “Cross-Process Information Leak” by AMD, the vulnerability is also known as “Zenbleed”. Labelled CVE-2023-20593 and rated by AMD as Medium, the issue allows an attacker to potentially access sensitive information processed by the CPU in
CVE-2023-20593/Zenbleed Read More »
The video games industry continues to grow and evolve, and with it the need to implement strong security measures to protect both the game development process and the end product. As a developer and video game administrator, you naturally want to protect your code and network infrastructure. However, you are also responsible for ensuring the
Security in video gaming Read More »
What is Confidential Computing? During the past decades, the IT industry focused on the protection of data which was stored or “on the fly”. Data encryption and decryption is a commodity service and used by almost all users and companies. Well known examples are VPN for secure connections or BitLocker form Microsoft to encrypt storage
Confidential Computing Read More »
A wave of attacks is currently targetting ESXi servers. No OVHcloud managed service are impacted by this attack however, since a lot of customers are using this operating system on their own servers, we provide this post as a reference in support to help them in their remediation. These attacks are detected globally. According to
Ransomware targeting VMware ESXi Read More »
As the end of the year approaches, our Hosted Private Cloud powered by VMWare offer welcomes two important features enabled by the vSphere 7 update: Tanzu Kubernetes Grid multicloud (TKGm) and vSphere Native Key Provider (vNKP). As much as « Tanzu » was expected and follows the release of Tanzu CE, the availability of vNKP can come
In a nutshell…VMware TKGm and vNKP on Hosted Private Cloud Read More »
Even at the dawn of the internet, when its adoption was still very confidential, the first cyberattacks were already happening. The very first cyberattack appears to have taken place as early as 1988, when only a few tens of thousands of computers were connected to the internet. These days, these attacks are common and more
Website security: A vital factor to maintain Read More »
The security of sensitive information has long been a major concern for organisations. With an increasing amount of data stored electronically, the challenge of keeping personally identifiable and commercially sensitive data secure has become even more pressing — especially with so much of it now stored and processed in the cloud. And, while public sector
The security challenges of cloud-based high-performance workloads Read More »
Update 22/12: 2 new vulnerabilities have been identify. Those vulnerabilities are also impacting the initial patchs (2.15.0 and 2.16.0): CVE-2021-45105 : Risk of Denial of Service (DOS) CVE-2021-45046 : Risk of information leak and remote code execution in some environments and local code execution in all environments Update 22/12: Updated table assessing the risks at
Log4shell, how to protect my cloud workloads Read More »
