%term

CVE-2022-47633: Kyverno's container image signature verification can be bypassed by a malicious registry or proxy

Dec 21, 2022 By Ben Hirschberg In ARMO

Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container image signature verification mechanism. The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno, to inject unsigned images into the protected cluster, bypassing the image verification policy. The vulnerability was introduced in version 1.8.3 and was fixed in version 1.8.5.

Read Post

ARMO

Read more about CVE-2022-47633: Kyverno's container image signature verification can be bypassed by a malicious registry or proxy

Secure your application development with AWS and Mend

Dec 21, 2022 By Mend In Mend

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.

View Video

Mend

Read more about Secure your application development with AWS and Mend

Insight into The 2022 Vulnerability Management Report

Dec 21, 2022 By Tripwire Guest Authors In Tripwire

This year marks the release of the first 2022 Vulnerability Management Report from Fortra. The report, which was conducted in September 2022, is based on a comprehensive survey of over 390 cybersecurity professionals with the goal of gaining insights into the latest trends, key challenges, and vulnerability management solution preferences.

Read Post

Tripwire

Read more about Insight into The 2022 Vulnerability Management Report

ISO 27001:2022 and the new requirements for Data Leakage Prevention

Dec 21, 2022 By Michael Osakwe In Nightfall

The ISO 27001 is one of the most recognized security standards for private sector organizations across the globe and is often required by prospective enterprise customers, helping organizations unlock new business opportunities. ISO 27001 was recently updated along with its companion guidance standard ISO 27002. The updated title for this standard is ISO/IEC 27001:2022 Information Security, Cybersecurity, and Privacy Protection.

Read Post

Nightfall

Read more about ISO 27001:2022 and the new requirements for Data Leakage Prevention

Cyber Threat Intelligence Series: A Lens on the Healthcare Sector

Dec 21, 2022 By Kroll In Kroll

A review of recent Kroll incident response cases consistently proves that the healthcare industry is one of the most frequently targeted sectors. This observation mirrors what is experienced by national cybersecurity agencies as multiple warnings have been launched during 2022, highlighting how ransomware gangs and nation state actors are now aggressively targeting healthcare institutions.

Read Post

Kroll

Read more about Cyber Threat Intelligence Series: A Lens on the Healthcare Sector

Cloud security updates you need to know from re:Invent 2022

Dec 21, 2022 By Shilpi Bhattacharjee, Ashish Rajan In Snyk

After a two-year hiatus (virtual in 2020 and hybrid in 2021), AWS re:Invent was back in person this year in its full glory. Over 52,000 people attended — more than we saw at RSA (26,000) and Blackhat USA (21,000) combined this year.

Read Post

Snyk

Read more about Cloud security updates you need to know from re:Invent 2022

Kubernetes network policy best practices

Dec 21, 2022 By Peter De Tender In Snyk

Controlling and filtering traffic when containerizing a workload within Kubernetes Pods is just as crucial as a firewall in a more traditional network setup. The difference is that, in this scenario, those capabilities are provided by the Kubernetes NetworkPolicy API. This article will explore Kubernetes NetworkPolicy by creating an example network policy and examining its core parameters. Then, we’ll look at some common NetworkPolicy use cases and learn how to monitor them using kubectl.

Read Post

Snyk

Read more about Kubernetes network policy best practices

New Microsoft Exchange Exploit Chain via "OWASSRF" Leads to RCE

Dec 21, 2022 By James Liolios In Arctic Wolf

On Wednesday, December 21, 2022, security researchers shared that they observed ransomware threat actors using a new exploit chain that bypasses the ProxyNotShell URL rewrite mitigations that were shared by Microsoft in September and October. This new exploit chain works by abusing CVE-2022-41080 & CVE-2022-41082 and leads to remote code execution on affected Exchange servers through Outlook Web Access (OWA).

Read Post

Arctic Wolf

Read more about New Microsoft Exchange Exploit Chain via "OWASSRF" Leads to RCE

Workflow Manager

Dec 21, 2022 By Torq In Torq

The Workflows page includes a list of all workflows created for the current account. You can create a new workflow, import a workflow, or use the filters to find a specific workflow you want to continue working on.

View Video

Torq

Read more about Workflow Manager

Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Dec 21, 2022 By Arctic Wolf Labs In Arctic Wolf

“It’s about doing good and doing it exceedingly well.” This was how Daniel Thanos, Head of Arctic Wolf Labs, described the work of Arctic Wolf Labs when accepting the award for Open-Source Tool Creator of the Year, as voted by the SANS Insitute community at the 2022 Difference Makers Awards. This prestigious awards program “honors individuals and teams in the cyber security community who have made a measurable and significant difference in security.”

Read Post