Stopping Drupal’s SA-CORE-2019-003 Vulnerability

Stopping Drupal’s SA-CORE-2019-003 Vulnerability

On the 20th February 2019, Drupal announced that they had discovered a severe vulnerability and that they would be releasing a patch for it the next day. Drupal is a Content Management System used by many of our customers, which made it important that our WAF protect against the vulnerability as quickly as possible.

As soon as Drupal released their patch, we analysed it to establish what kind of payloads could be used against it and created rules to mitigate these. By analysing the patch we were able to put together WAF rules to protect cloudflare customers running Drupal.

We identified the type of vulnerability we were dealing within 15 minutes. From here, we were able to deploy rules to block the exploit well before any real attacks were seen.

The exploit

As Drupal's release announcement explains, a site is affected if:

  • It has the Drupal 8 RESTful API enabled                                      
  • Or it uses one of the 8 modules found to be affected

From looking at the patch we very quickly realised the exploit would be based on deserialization. The option ['allowed_classes' Continue reading

BrandPost: 4 Tips for Easier Edge Deployments

There are plenty of reasons for organizations to embrace edge computing. By moving applications, data, and computing services to the edge of a network, as opposed to a large data center or cloud, organizations can lower operating costs, improve application performance, reduce network traffic, and achieve real-time data analytics.As more organizations come to know the advantages of edge of network devices, many are eyeing deployments. In fact, according to the IDG 2018 State of the Network, 56% of networking professionals have plans for edge computing in their organizations.To read this article in full, please click here

4 Tips for Easier Edge Deployments

There are plenty of reasons for organizations to embrace edge computing. By moving applications, data, and computing services to the edge of a network, as opposed to a large data center or cloud, organizations can lower operating costs, improve application performance, reduce network traffic, and achieve real-time data analytics.As more organizations come to know the advantages of edge of network devices, many are eyeing deployments. In fact, according to the IDG 2018 State of the Network, 56% of networking professionals have plans for edge computing in their organizations.To read this article in full, please click here

4 Tips for Easier Edge Deployments

There are plenty of reasons for organizations to embrace edge computing. By moving applications, data, and computing services to the edge of a network, as opposed to a large data center or cloud, organizations can lower operating costs, improve application performance, reduce network traffic, and achieve real-time data analytics.As more organizations come to know the advantages of edge of network devices, many are eyeing deployments. In fact, according to the IDG 2018 State of the Network, 56% of networking professionals have plans for edge computing in their organizations.To read this article in full, please click here

Cumulus Networks Named to CRN Data Center 50

Cumulus Networks is proud to announce CRN®, a brand of The Channel Company, has named us to its 2019 Data Center 50 list.

This annual list identifies technology suppliers that offer the right management tools to help businesses and solution providers ensure data centers run with maximum performance and efficiency. We couldn’t be more thrilled! This accomplishment really solidifies our vision — to build the modern data center networks for applications of the future.

It’s been a while since we updated our blog community with our evolved vision for the modern data center, so we thought this would be a great opportunity to review a little bit about what Cumulus has been doing lately and how our products have evolved.

Our story — Building the modern data center

We pride ourselves on providing networking software to design, run and operate modern data centers that are simple, open, resilient, scalable and operationally efficient.

Our network operating system, Cumulus Linux, is a powerful, open network operating system that allows you to automate, customize and scale using web-scale principles like the world’s largest data centers.

When it comes to data center networks, traditional network solutions are unable keep up with the pace of Continue reading

Huawei’s possible lawsuit, ransomware readiness, old malware resurfaces | TECH(feed)

The ongoing battle between the U.S. and Huawei could soon go to court as Huawei reportedly prepares to sue the U.S. government. Plus, 2019 will see ride sharing companies going public… but which will be first? And as a decade-old malware resurfaces in enterprise networks, a report questions if the world is ready for the next large-scale ransomware attack.

How to configure a static IP address on Linux

IP addresses on Linux systems are often assigned automatically by Dynamic Host Configuration Protocol (DHCP) servers. These are referred to as "dynamic addresses" and may change any time the system is rebooted. When a system is a server or will be remotely administered, however, it is generally more convenient for these systems to have static addresses, providing stable and consistent connections with users and applications.Fortunately, the steps required to change a Linux system's IP address from dynamic to static are fairly easy, though they will be a little different depending on the distribution you are using. In this post, we'll look at how this task is managed on both Red Hat (RHEL) and Ubuntu systems.To read this article in full, please click here

History of Networking: George Swallow on MPLS/TE

Traffic engineering (TE) is one of the most complex technologies used in large scale networks today. George Swallow joins us for a look at how and why TE was invented, and where some of the ideas came from.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Sponsored Post: Software Buyers Council, InMemory.Net, Triplebyte, Etleap, Stream, Scalyr

Who's Hiring? 


  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Fun and Informative Events

  • Join Etleap, an Amazon Redshift ETL tool to learn the latest trends in designing a modern analytics infrastructure. Learn what has changed in the analytics landscape and how to avoid the major pitfalls which can hinder your organization from growth. Watch a demo and learn how Etleap can save you on engineering hours and decrease your time to value for your Amazon Redshift analytics projects. Register for the webinar today.

  • Advertise your event here!

Cool Products and Services

  • Shape the future of software in your industry. The Software Buyers Council is a panel of engineers and managers who want to share expert knowledge, contribute to improvement of software, and help startups in their industry. Receive occasional invitations to chat with for 30 minutes about your area of expertise and software usage. No obligations, no marketing emails or sales calls. Upcoming topics include infrastructure and application monitoring, AI/ML platforms, and more. Learn Continue reading

Mobile World Congress: The time of 5G is (almost) here

If there was one common theme to the blizzard of announcements, demonstrations and general public happenings going on at MWC 2019 in Barcelona this year, it was that everyone from smartphone makers to mobile carriers to hardware manufacturers is wildly excited about the advent of 5G technology.Wireless equipment vendors, like Nokia and Ericsson, both announced slates of 5G customers and rolled out new capabilities aimed at helping 5G reach the critical inflection point. Smartphone manufacturers touted the pending availability of 5G-capable handsets, and silicon vendors trumpeted their 5G-ready chipsets and SIM cards.To read this article in full, please click here

Heavy Networking 433: An Insider’s Guide To AWS Transit Gateways

AWS Transit Gateways, an evolution of Transit VPCs, centralize VPN connectivity to multiple VPCs, allowing for greater scale and simpler connectivity and management. Today's Heavy Networking drills into this topic with guest Nick Matthews, an AWS solutions architect. We also examine Global Accelerator and TLS termination on Network Load Balancer.

The post Heavy Networking 433: An Insider’s Guide To AWS Transit Gateways appeared first on Packet Pushers.

The data center is being reimagined, not disappearing

I have documented more than once that the data center is not going away; it’s being reimagined. And now comes a report with greater details on that change.Spiceworks has released its 2019 State of Servers report that examines on-premises server infrastructure in the workplace, including purchase plans, brand prevalence, and perceptions. The results of the survey, which was conducted in February and included 530 IT buyers from organizations across North America and Europe, show that 98 percent of businesses currently run on-premises servers, and 72 percent of businesses plan to purchase new server hardware within the next three years. To read this article in full, please click here

1 1,308 1,309 1,310 1,311 1,312 3,856