Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The most beautiful and inspiring aspect about open source code is, well, that it’s open source. We can look at open source packages like gifts that are exchanged between developers across the engineering world, allowing them to learn from the work other people do, contribute their own expertise, and grow their professional capabilities. Contributing to open source is much appreciated, and it is important to remember not only to benefit from these projects, but also to contribute back.

Kubernetes is a valuable resource and a leading container management system in development pipelines across the world, but it’s not exempt from malicious attacks. Using Kubernetes requires a deep understanding of Kubernetes’ environment—including the different vulnerabilities you can be exposed to while creating, deploying, or running applications in your clusters.

TL/DR: Gender inequality and the lack of women is ubiquitous in tech companies – more so in cybersecurity. While it has been a debate that’s been on for years, more action needs to take place to empower female professionals and founders in the sector. In honor of International Women’s Day, a handful of women at Detectify shared more about what inspires them and how they encourage other women to take up space despite the challenges and thrive in the security industry every day.

One chief information security officer (CISO) recently asked me how he should describe SASE (secure access service edge) and zero-trust networking to his company’s directors. My answer was easy: You shouldn’t. As companies revamp their technology infrastructure to leverage cloud efficiencies and enable a remote workforce, cybersecurity is now mission-critical for senior executives and boards of directors.

On March 4th, a new privilege escalation vulnerability (CVE-2022-0492) in the Linux kernel was published. It has the potential to allow container escape and take control over the entire node on which the container runs. All the CSPs and Linux distribution providers have issued patches to close this vulnerability. Unfortunately, there is no unified kernel version numbering across these platforms and some of them allow to apply a patch without changing the kernel version number.

Another day, another cloud service leaking personal data because of a misconfiguration. And before you jump to any conclusions, no, it’s not a leaky bucket on AWS S3 or a public blob on Microsoft Azure… The culprit is, once again, GitHub, where an open-source hardware manufacturer has inadvertently left exposed a private-to-public repository that “could have enabled unauthorized access to information about certain user accounts on or before 2019.”

Linux maintainers disclosed a privilege escalation vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0492 and is rated as a High (7.0) severity. The flaw occurs in cgroups permitting an attacker to escape container environments, and elevate privileges. The vulnerable code was found in the Linux Kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function.

In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening. The flaw has already been patched in the Linux kernel and the Android kernel. Affected Linux distributions are in the process of pushing out security updates with the patch. Due to the similarities of the Dirty Cow flaw, CVE-2016-5195; has been named Dirty Pipe.

Happy International Women’s Day 2022. This year the theme is 'Break the Bias,' which calls for everyone to take action and call out gender bias, discrimination, and stereotyping. Infosecurity Magazine recently highlighted 90% of security leaders are suffering skills shortages, with 3.5 million positions unfilled in 2021. According to Best Colleges, women continue to outnumber men in college completion.

We are very excited to announce the launch of the new, improved LimaCharlie website (yes, this one!). The new site allows content to load faster, and, enhanced by a polished design, reflects the level of professionalism we exemplify. Overall, the new website facilitates a clear understanding of the value proposition our product encompasses. However, these are not the only reasons why we are so excited about it.