%term

CVE-2022-23648 - Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

Mar 29, 2022 By Leonid Sandler In ARMO

Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.

Read Post

ARMO

Read more about CVE-2022-23648 - Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

Firewall Inferno - Sophos & SonicWall Vulnerabilities

Mar 29, 2022 By Sule Tatar In Arctic Wolf

CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall vulnerability (CVE-2022-1040) and the SonicWall Firewall vulnerability (CVE-2022-22247).

Read Post

Arctic Wolf

Read more about Firewall Inferno - Sophos & SonicWall Vulnerabilities

Splunk Indexer Vulnerability: What You Need to Know

Mar 29, 2022 By Chris Cooney In Coralogix

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

Read Post

Coralogix

Read more about Splunk Indexer Vulnerability: What You Need to Know

Vulns Unleashed: dompdf

Mar 28, 2022 By Snyk In Snyk

Join Kyle and Brian with guest DeveloperSteve as we learn about the dompdf vulnerability! We’ll dive into the latest CVEs, examine the vulnerable code, execute working exploits, and understand how to apply important fixes. By the end of the show, you’ll know how to find, exploit, and remediate these vulnerabilities in your own projects with ease.

View Video

Snyk

Read more about Vulns Unleashed: dompdf

Outpost24 webinar - The State of Ransomware in 2021 and How to Limit Your Exposure

Mar 24, 2022 By Outpost 24 In Outpost 24

Ransomware has continued to grow in maturity throughout the first half of 2021. As businesses struggle to understand yet another major attack that hit the Kaseya supply chain, organizations are beginning to realize data backups and cyber insurance alone won’t save them.

View Video

Outpost 24

Read more about Outpost24 webinar - The State of Ransomware in 2021 and How to Limit Your Exposure

An overview of our vulnerability assessment and pentesting process | Cyphere

Mar 23, 2022 By Cyphere In Cyphere

This video will give you a broad overview of our vulnerability assessment and pentesting process. We'll talk about the different phases, how we prioritize vulnerabilities, and what workflows we use to make sure that your team is getting the most out of every engagement.#vapt #vulnerabilityassessment #pentesting

View Video

Cyphere

Read more about An overview of our vulnerability assessment and pentesting process | Cyphere

Large-scale npm attack targets Azure developers with malicious packages

Mar 23, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Two days ago, several of our automated analyzers started alerting on a set of packages in the npm Registry.

Read Post

JFrog

Read more about Large-scale npm attack targets Azure developers with malicious packages

Shifting Log4j Discovery Right

Mar 22, 2022 By Hope Goslin In Veracode

You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect applications that have been deployed to or staged in runtime environments.

Read Post

Veracode

Read more about Shifting Log4j Discovery Right

How to prepare for the next log4j

Mar 21, 2022 By Sysdig In Sysdig

View Video

Sysdig

Read more about How to prepare for the next log4j

Russian Hackers Exploit MFA protocols and Print Spooler "PrintNightmare" vulnerability

Mar 20, 2022 By John Gates In CalCom

A joint Cybersecurity Advisory (CSA) was issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently warning organizations about a Russian state-sponsored cyber-attack. The cyber actors ran arbitrary code using system privileges by exploiting a Windows Print Spooler vulnerability, “PrintNightmare.”

Read Post