The rise in supply chain attacks on software has made it crucial for open-source developers using Go to monitor and assess the risks of their dependencies. Go provides built-in protections to help trust the integrity of packages, including the ability to detect and prevent malicious versions or with.. read more  

Database modernization from Db2 and Oracle tables with LOB datatypes to Azure SQL PaaS offering (DB / MI) or SQL Server provides an opportunity to optimize databases by storing LOB data as Azure Datalake storage blob objects. This approach reduces maintenance time, offers flexibility in backup, disa.. read more  

Auto-GPT arbitrary code execution and docker escape: Researchers discovered a vulnerability in Auto-GPT that allowed attackers to execute arbitrary code by injecting prompts and manipulating the user approval process. They also found a method to escape the Auto-GPT docker image and gain access to th.. read more  

Developer automates the process of creating custom virtual machine images using the Azure Image Builder feature, eliminating the need for manual provisioning and configuration. This automation process involves defining resources in Azure, customizing the virtual machine image, and building the final.. read more  

A vulnerability in ServiceNow allows a low-privilege user to gain unauthorized full administrative access to the platform. By exploiting certain vulnerabilities, such as insecure access control and session token manipulation, an attacker can escalate their privileges from a standard user to an admin.. read more  

One is deploying an HPC embarrassingly parallel application in Azure Virtual Machine Scale Sets (VMSSs) and realized that (i) ssh into VM instances is possible even when they have not been fully provisioned and (ii) worker processes start before such provisioned state is reached. If you got into thi.. read more  

The Microsoft SQL Server has an undocumented design choice that allows it to bypass web application firewalls (WAFs) due to a lax attitude towards SQL parsers. This unorthodox design choice can potentially be exploited by hackers to bypass security protections provided by WAFs... read more  

Azure's MLPerf Training v3.0 submission showcased their ND H100 v5 virtual machine, featuring 8x NVIDIA H100 Tensor Core GPUs with advanced technologies like NVSwitch and NVLink 4.0, Quantum-2 CX7 InfiniBand, 4th Gen Intel Xeon Scalable processors, and high-speed interconnects. Replicating the resul.. read more  

IntroducingAzure OpenAI Service on your datain public preview—a groundbreaking feature that unlocks the power of OpenAI models, such as ChatGPT and GPT-4, with your own data... read more  

This CSI explains how to integrate security best practices into typical software development and operations (DevOps) Continuous Integration/Continuous Delivery (CI/CD) environments, without regard for the specific tools being adapted, and leverages several forms of government guidance to collect and.. read more