Security

How to protect my cloud workloads (Log4Shell)

Log4shell, how to protect my cloud workloads

Update 22/12: 2 new vulnerabilities have been identify. Those vulnerabilities are also impacting the initial patchs (2.15.0 and 2.16.0): CVE-2021-45105 : Risk of Denial of Service (DOS) CVE-2021-45046 : Risk of information leak and remote code execution in some environments and local code execution in all environments Update 22/12: Updated table assessing the risks at […]

Log4shell, how to protect my cloud workloads Read More »

Log4j Vulnerability

Log4j vulnerability (CVE-2021-44228)

On December 10th, a group of security researchers published a security notice regarding a vulnerability in Log4j. Log4j is a library commonly used in Java environment to manage logging. Log4j versions 2.0 to 2.14.1 are affected by a vulnerability that may lead to remote code execution (RCE). Older versions of Log4j (1.X) might also be

Log4j vulnerability (CVE-2021-44228) Read More »

Security matters

Security Matters – How OVHcloud covers the European landscape of security standards

Cloud Security is not only a mayor topic for companies, customers in the public sector but also for the politicians. Since there is still no EU-wide uniform regulation of corresponding safety standards, the individual member states rely on their own laws and regulations. That means: The compliance of the companies must also adjust to the

Security Matters – How OVHcloud covers the European landscape of security standards Read More »

Microsoft Exchange Server Vulnerabilities

Microsoft Exchange Server Vulnerabilities

On March 2nd, Microsoft published a security patch for 4 vulnerabilities on Microsoft Exchange Server. Security researchers detected that those vulnerabilities are actively exploited for targeted attacks. The vulnerable version are: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 All OVHcloud Exchange managed services have been patched

Microsoft Exchange Server Vulnerabilities Read More »

The Bastion - Part 3

The Bastion – Part 3 – Security at the core

In previous parts, we’ve covered the basic principles of the bastion. We then explained how delegation was at the core of the system. This time, we’ll dig into some governing principles of how The Bastion is written. In a nutshell, the main purpose of the bastion is to ensure security, auditability and reliability in all

The Bastion – Part 3 – Security at the core Read More »

OVHcloud Predictor - Part 1

OVHcloud Predictor, part 1

In our previous article concerning the CVE-2017-9841 vulnerability, we presented our web application firewall (WAF) implemented with NAXSI. Usually, a WAF is run directly on the web server. At OVHcloud, we chose to run our web application firewall upstream, on a very powerful software layer that is specific to our web hosting infrastructures. These are

OVHcloud Predictor, part 1 Read More »

The OVHcloud Bastion - Part 2

The OVHcloud SSH Bastion – Part 2: delegation dizziness

This is the second part of a blog series, here is part one. We’ve previously found that the bastion is not your usual SSH jumphost (in fact, we found it is not a jumphost at all) and we discussed how the delegation was one of the core features we’d originally needed. So, let’s dive into

The OVHcloud SSH Bastion – Part 2: delegation dizziness Read More »