CVE-2022-23648, reported by Google’s Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerd’s CRI plugin that handles OCI image specs containing “Volumes.” The attacker can add Volume containing path traversal to the image and use it to copy arbitrary files from the host to container mounted path. The vulnerability was reported by Felix Wilhelm on Nov.

In recent weeks, Cyberint has been monitoring a new marketplace that appeared in the TOR network, an insiders network called Industrial Spy. This new platform was established in around mid-March this year and is currently being promoted on known Darknet forums and Telegram channels. The platform’s main goal is to become the ultimate repository containing victims’ data, which is mainly gathered by threat actors and insiders.

I have news to share. Teleport has just secured $110M in Series C funding to keep growing the business that I started with my co-founders Sasha Klizhentas and Taylor Wakefield in 2015. This is exciting for founders and employees, but I think it is also excellent news for all software engineers who are crying out for a better way to manage secure access to their mission-critical cloud infrastructure. More on that below.

Ladies and gentlemen of all ages and security roles, let us dive head-first into this newish thing called XDR. There is no shortage of vendors, and researchers, providing you their definition on what XDR actually represents so it becomes is there one you agree with or not. Taking a slightly different tact to explore what does XDR mean to you, and your security team.

Today I have the honour of introducing the most powerful and capable 1Password ever. Wrapped in a gorgeous new design and blazingly fast, 1Password 8 is our love letter to Mac users everywhere. 💌

Artificial intelligence has been (and continues to be) a popular topic of discussion in areas ranging from science fiction to cybersecurity. But as much fun as it might be to discuss my favorite sci-fi AI stories, let’s set aside the works of Asimov, Bradbury and other storytellers to focus on the role of AI in cybersecurity.

The months continue to peel off of the calendar and Spring is in the air. As usual, the team at LimaCharlie has been busy pushing the state of cybersecurity forward. In the last month, we have fixed some bugs, brought real-time detections into the web application, and launched a new sensor type. On May 19th at 10.00 AM PST join us as we present a webinar on how to reduce security tooling spend by augmenting Splunk and other high-cost data solutions with LimaCharlie.

According to Joshua Ray, managing director, Global Cyber Defense Lead, Accenture, “Every business is digital now and must adopt a resilient cybersecurity posture to protect their value.