Ranting researcher publishes VM-busting zero-day without warning

A security researcher has published a zero-day flaw in a commonly-used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the infosecurity industry. St Petersburg-based Sergey Zelenyuk dropped the bug, which affects Oracle’s VirtualBox software, on GitHub this week We’re linking to the bug here because Zelenyuk provides a workaround, and attackers will be at an advantage if they see it and you don’t.

Read full news article on Naked Security