Archives: Projects

Home » Projects
Project

Sheetz is quitting VMware, migrating 11,000 virtual machines

Sheetz, a US convenience store chain, is moving its 838 locations off VMware. Sheetz has used VMware virtualization across two Dell R440/R450-series servers at each of its locations since 2019. Now it’s migrating 12 to 14 virtual machines (VMs) in each of its stores from VMware vSphere to StorMagic’s SvHCI, “with an additional two VMs...

Project

Windows 0-day drops the same day Microsoft releases record number of patches

Right on the heels of Microsoft releasing a record number of security patches, a researcher has published exploit code that can enable low-privilege Windows accounts to make sensitive changes to administrator accounts. The exploit, which multiple researchers say works, is sending Microsoft scrambling, yet again, to patch a zero-day released by an anonymous researcher who...

Project

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but...

Project

The US government warns that Russia state hackers are coming after your router

The federal government is warning users of home and small office routers to secure their devices as Russia state hackers continue to mass-compromise them for use in obscuring nefarious actions against sensitive organizations in the public and private sectors. Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war...

Project

Now, defenders are embracing the prompt injection, too

Prompt injections, the malicious commands attackers embed into content to entice large language models to follow them, have been attackers’ go-to tool for turning AI platforms against their users. A well-phrased command sneaked into an email or calendar invitation is often all it takes to cause the LLM to exfiltrate sensitive data or follow other...