%term

CVE-2022-0185 - What does the newest kernel exploit mean for Kubernetes users and how to detect it?

Jan 23, 2022 By Ben Hirschberg In ARMO

In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability that enables attackers to escape containers and get full control over the node. To be able to exploit this vulnerability, the attacker needs to be able to run code in the container and the container must have CAP_SYS_ADMIN privileges. Linux kernel and all major distro maintainers have released patches.

Read Post

ARMO

Read more about CVE-2022-0185 - What does the newest kernel exploit mean for Kubernetes users and how to detect it?

CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape

Jan 21, 2022 By Michael Clark In Sysdig

This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0185 and is rated as a High (7.8) severity. The flaw occurs in the Filesystem Context system when handling legacy parameters. An attacker can leverage this flaw to cause a DDoS, escape container environments, and elevate privileges.

Read Post

Sysdig

Read more about CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape

Log4j: How a Single Vulnerability Can Affect Multiple Systems

Jan 19, 2022 By Rob Horne In Trustwave

There are truisms that span history. One truism is that a single mistake can lead to disaster, and to some extent the series of vulnerabilities affecting the organizations that use Apache Log4j.

Read Post

Trustwave

Read more about Log4j: How a Single Vulnerability Can Affect Multiple Systems

Vulnerable AWS Lambda function - Initial access in cloud attacks

Jan 18, 2022 By Stefano Chierici In Sysdig

Our security research team will explain a real attack scenario from the black box and white box perspective on how a vulnerable AWS Lambda function could be used by attackers as initial access into your cloud environment. Finally, we show the best practices to mitigate this vector of attack. Serverless is becoming mainstream in business applications to achieve scalability, performance, and cost efficiency without managing the underlying infrastructure.

Read Post

Sysdig

Read more about Vulnerable AWS Lambda function - Initial access in cloud attacks

Live Hacking: Find Vulnerabilities in Your Apps Before Hackers Do

Jan 18, 2022 By Snyk In Snyk

As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?

View Video

Snyk

Read more about Live Hacking: Find Vulnerabilities in Your Apps Before Hackers Do

A CISO's Point of View on Log4j

Jan 18, 2022 By Lamont Orange In Netskope

No sooner did word start to spread about Apache Log4j that the usual torrent of blaring headlines, vendor marketing, and tips and tricks-style “information” quickly followed. You can find plenty of solid technical analysis out there about Log4j, and we’ve already posted information about Netskope protections and threat coverage from Netskope Threat Labs. But that’s not this post.

Read Post

Netskope

Read more about A CISO's Point of View on Log4j

What is URL Confusion?!

Jan 17, 2022 By Snyk In Snyk

We talk with the Claroty team and Daniel Stenberg, creator of curl, about URL Confusion Vulnerabilities.

View Video

Snyk

Read more about What is URL Confusion?!

What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

Jan 15, 2022 By Cyphere In Cyphere

Penetration testing is a way to test the security of your network by simulating an attack on it. This video explains what penetration testing is, why you should use it, and how to find out if your company needs one.

View Video

Cyphere

Read more about What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

Chatting with the Log4JShell Bytecode Detector Creators

Jan 13, 2022 By Snyk In Snyk

Brian and Kyle chat with Johannes about the project!

View Video

Snyk

Read more about Chatting with the Log4JShell Bytecode Detector Creators

Monitoring your AWS environment for vulnerabilities and threat detection

Jan 13, 2022 By Sumo Logic In Sumo Logic

Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.

Read Post