CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to access files & directories outside of the volume, including the host filesystem. It was disclosed in September 2021 and affects kubelet, which is the node agent that runs on each Kubernetes node. In particular CVE-2021-25741 affects kubelet in these Kubernetes versions.

It doesn’t seem that long ago that I wrote about the OWASP Top 10 changes that came in 2017. OWASP has announced the release for the new 2021 Top 10. Find out more about Broken Access Control and Cryptographic Failure vulnerabilities and understand what it means for application development and DevSecOps

During a web shell attack, a cybercriminal injects a malicious file into a target web server's directory and then executes that file from their web browser. After launching a successful web shell attack, cybercriminals could gain access to sensitive resources, recruit the target system into a botnet, or create pathways for malware or ransomware injections. If you haven't implemented defense strategies against this cyber threat, your systems are at a high risk of exploitation.

Do you want to archive old emails now? We’ve all seen the prompt and many of us choose to consign thousands of emails to an uncertain fate, protected (somewhere) in case we should ever need to cover our arses in some future argument. But this paints a very limited and negative picture of the importance and indeed relevance of archives. Today archives are associated with rearward-facing research, often seeking to uncover a truth long after alternative facts have taken hold.

Nightfall has added remediation actions for Google Drive violations, so you can fix the issue automatically or with just a click. Nightfall for Google Drive is one of our most popular integrations, helping customers to discover and classify sensitive data across Google Drive. Once sensitive data violations are found to exist in Google Drive, you want to take steps to protect the data – because removing the risk is really the point, isn’t it?

Customers using Microsoft SQL Server tend to grow horizontally in terms of the number of databases. For recent versions of SQL Server, the max number of databases you can have on a single instance is 32,767 and it is common to see customers push that limit. At Rubrik, we have run into several customers who approach 10,000 databases on a single host. As SQL Server accelerates the push into the enterprise segment, one needs to address the problem of managing and protecting these servers at scale.

Most organizations understand the critical role that cybersecurity solutions play in protecting their environment. However, the abundance of available tools that claim to serve that need are leaving them unsure they're actually protected against today's sophisticated threats.

The Open Web Application Security Project (OWASP) is a not-for-profit organisation that aims, through community-led open-source projects, to improve the security of web-based software. OWASP develop and manage a public framework that documents the top 10 risks to application security, the OWASP Top 10. It provides developers and security professionals with the industry’s consensus on the most significant risks to web applications and recommends security controls to mitigate them.

When we asked the security community who is their hacker hero, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Most known for her work to track down APTs, she also champions personal privacy and taking down stalkerware. Oh and she’s done a TED talk.