What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
silicon.fr.webp 2023-03-15 11:53:55 Xavier Pestel – Weborama: "We do Kubernetes every day" (direct link) Xavier Pestel, Lead SRE (Site Reliability Engineering), details how he runs Weborama's DMP infrastructure, which relies on two public cloud providers, with Kubernetes. Guideline Guideline Cloud Uber ★★★
globalsecuritymag.webp 2023-03-13 23:30:00 Christophe Auberger, Fortinet: Technologies must be able to hide complexity (direct link) At FIC, Fortinet will highlight, among other things, cybersecurity in industrial environments, multi-cloud cybersecurity, and the protection of mobile employees and the workstation. - Interviews / , Uber ★★
CVE.webp 2023-03-09 21:15:11 CVE-2023-27484 (direct link) crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such a Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and, if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. Guideline Uber
CVE.webp 2023-03-09 21:15:11 CVE-2023-27483 (direct link) crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index; the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. Vulnerability Uber
knowbe4.webp 2023-03-07 14:00:00 CyberheistNews Vol 13 #10 [Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About (direct link) CyberheistNews Vol 13 #10 | March 7th, 2023 [Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About This week, Bloomberg News pointed at a brand-new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are not secure by design. It is an excellent wake-up call for your C-level execs and powerful budget ammo. They started out with: "As Putin began his invasion of Ukraine, a network used throughout Europe - and by the Ukrainian military - faced an unprecedented cyberattack that doubled as an industrywide wake-up call." What they refer to is the Viasat hack. The KnowBe4 blog initially reported on this hack on March 24, 2022 here: https://blog.knowbe4.com/wired-a-mysterious-satellite-hack-has-victims-far-beyond-ukraine and in our CyberheistNews May 17, 2022 here: https://blog.knowbe4.com/cyberheistnews-vol-12-20-heads-up-now-you-need-to-watch-out-for-spoofed-vanity-urls. The article continues to describe how a large number of Viasat customers lost connectivity. Here is a quote: "Viasat staffers in the U.S., where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of internet connections in at least 13 countries were going dead. "Some of the biggest service disruptions affected providers Bigblu Broadband PLC in the U.K. and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion." "Industry was caught flat-footed," says Gregory Falco, a space cybersecurity expert who has advised the U.S. government. "Ukrainians paid the price. The war is really just revealing the capabilities," says Erin Miller, who runs the Space Information Sharing and Analysis Center, a trade group that gathers data on orbital threats. Cyberattacks affecting the industry, she says, have become a daily occurrence. The Viasat hack was widely considered a harbinger of attacks to come." For many end-users, the frustrating thing about the Viasat hack is that, unlike with a phishing attack, there was nothing they could have done to prevent it. But the Russians (this smells like GRU) would have to know a lot of detail about Viasat's systems to execute an attack like th Guideline Uber ★★
DarkReading.webp 2023-03-01 23:50:00 Ermetic Adds Kubernetes Security to CNAPP (direct link) The automated capabilities can discover misconfigurations, compliance violations, and risky or excessive privileges in Kubernetes clusters. Uber ★★★
CVE.webp 2023-03-01 19:15:25 CVE-2022-3294 (direct link) Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API server's private network. Uber
Microsoft.webp 2023-03-01 00:00:00 Configuring host-level audit logging for AKS VMSS (direct link) This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning: the information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future. Uber ★★★
Microsoft.webp 2023-03-01 00:00:00 Azure Kubernetes Service (AKS) Threat Hunting (direct link) As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases. Threat Uber ★★★
CVE.webp 2023-02-28 19:15:16 CVE-2023-1065 (direct link) This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). Vulnerability Uber
DarkReading.webp 2023-02-28 17:43:44 Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist (direct link) The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into the cloud system. Cloud Uber ★★
MitnickSecurity.webp 2023-02-22 08:00:00 5 Examples of Top Social Engineering Attacks (direct link) 4 Social Engineering Attack Examples There's something both humbling and terrifying about watching industry giants like Twitter and Uber fall victim to cyber attacks. Uber Uber ★★★
The_State_of_Security.webp 2023-02-22 04:00:36 What Is Kubernetes Observability and Why It's Critical for Securing Your Clusters (direct link) What Is Kubernetes Observability? Kubernetes observability refers to the ability to monitor and diagnose the performance and behavior of a Kubernetes cluster and its applications. This includes monitoring resource usage, tracking the status of pods and deployments, and identifying and troubleshooting errors. Observability tools for Kubernetes typically include metrics, logging, and tracing capabilities. These tools can be integrated with Kubernetes to provide a comprehensive view of the cluster and its applications, allowing administrators to quickly identify and resolve issues. For more... Uber ★★
CVE.webp 2023-02-16 18:15:11 CVE-2023-23947 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. Either modify the RBAC configuration to completely revoke all `clusters, update` access, or use the `destinations` and `clusterResourceWhitelist` fields to apply similar restrictions as the `namespaces` and `clusterResources` fields. Tool Vulnerability Uber
globalsecuritymag.webp 2023-02-16 15:06:18 Businesses face cloud complexity as adoption of modern applications gains ground worldwide (direct link) Businesses face cloud complexity as adoption of modern applications gains ground worldwide. The 2022 NGINX State of Application and API Delivery report highlights the latest modernization trends. Hybrid cloud deployment and Kubernetes adoption continue to dominate. - Points of View Uber ★★
globalsecuritymag.webp 2023-02-15 15:46:19 Salt Security appoints Gilad Gruber Senior Vice President of Engineering (direct link) Salt Security appoints Gilad Gruber Senior Vice President of Engineering. In this newly created role, Gilad Gruber will oversee engineering and drive the technology strategy of Salt, which continues to refine its API security platform to meet growing demand. - Business Uber
DarkReading.webp 2023-02-15 01:00:00 Expel Tackles Cloud Threats With MDR for Kubernetes (direct link) The new managed detection and response platform simplifies cloud security for Kubernetes applications. Uber ★★
CSO.webp 2023-02-14 03:34:00 Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment (direct link) Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE ATT&CK framework to help teams remediate threats and improve resilience, Expel added. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling, and management of applications, usually in a cloud environment. Over time, it has become the de facto operating system of the cloud, but can also pose significant security risks and challenges for businesses. Uber
CVE.webp 2023-02-13 19:15:11 CVE-2023-24619 (direct link) Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. Uber
silicon.fr.webp 2023-02-13 13:39:15 Can ChatGPT secure Kubernetes? (direct link) Several Kubernetes monitoring platforms have built bridges to ChatGPT. Uber ChatGPT ★★
globalsecuritymag.webp 2023-02-13 08:28:52 Christophe Baroux, Sysdig: We focus on solving the problems that teams need to solve (direct link) Sysdig, founded in 2014, now has 700 employees worldwide. It has launched a security offering for containers and the cloud. Sysdig Secure, a Cloud Native Application Protection Platform (CNAPP), secures the cloud and containers to stop breaches without wasting time. Sysdig Monitor simplifies cloud and Kubernetes monitoring. Christophe Baroux, SEMEA Sales Director at Sysdig: we focus on solving the problems that teams need to solve. - Interviews / Uber ★★
globalsecuritymag.webp 2023-02-13 08:28:34 Christophe Baroux, Sysdig: We focus on solving the problems that teams need to solve (direct link) Sysdig, created in 2014, now has 700 employees worldwide. It has launched a security offer for containers and the cloud. Sysdig Secure, a Cloud Native Application Protection Platform (CNAPP), provides cloud and container security to stop breaches without wasting time. Sysdig Monitor simplifies cloud and Kubernetes monitoring. Christophe Baroux, SEMEA Sales Director of Sysdig: we focus on solving the problems that the teams need to solve. - Interviews / Uber ★★
CVE.webp 2023-02-08 21:15:10 CVE-2023-25163 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefore the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Spam Tool Vulnerability Uber
CVE.webp 2023-02-08 20:15:24 CVE-2023-25165 (direct link) Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm, verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. Tool Uber
DarkReading.webp 2023-02-07 17:05:00 ARMO Integrates ChatGPT to Help Users Secure Kubernetes (direct link) Uber ChatGPT ★★
silicon.fr.webp 2023-02-07 11:46:20 OpenCost: what has become of this FinOps project for Kubernetes (direct link) Six months after its official launch, where does the OpenCost project, intended to establish a FinOps standard for Kubernetes, stand? Uber ★★
The_Hackers_News.webp 2023-02-01 14:59:00 Auditing Kubernetes with Open Source SIEM and XDR (direct link) Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in Uber ★★
no_ico.webp 2023-01-30 00:00:00 Application Security Roundup - January (direct link) So many interesting articles, from AI to an organization of socio-technical harms, fascinating incident reports about Uber and CircleCI, and some history of attack trees. Uber Uber ★★
CVE.webp 2023-01-26 21:18:16 CVE-2023-24425 (direct link) Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. Uber
CVE.webp 2023-01-26 21:18:13 CVE-2023-22736 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the "apps-in-any-namespace" feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory's publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller. Finally, the AppProjects' `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects' sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug. Tool Vulnerability Uber
CVE.webp 2023-01-26 21:18:12 CVE-2023-22482 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds. Tool Vulnerability Uber
Chercheur.webp 2023-01-21 12:18:34 Publisher's Weekly Review of A Hacker's Mind (direct link) Publisher’s Weekly reviewed A Hacker’s Mind, and it’s a starred review! “Hacking is something that the rich and powerful do, something that reinforces existing power structures,” contends security technologist Schneier (Click Here to Kill Everybody) in this excellent survey of exploitation. Taking a broad understanding of hacking as an “activity allowed by the system that subverts the… system,” Schneier draws on his background analyzing weaknesses in cybersecurity to examine how those with power take advantage of financial, legal, political, and cognitive systems. He decries how venture capitalists “hack” market dynamics by subverting the pressures of supply and demand, noting that venture capital has kept Uber afloat despite the company having not yet turned a profit. Legal loopholes constitute another form of hacking, Schneier suggests, discussing how the inability of tribal courts to try non-Native individuals means that many sexual assaults of Native American women go unprosecuted because they were committed by non-Native American men. Schneier outlines strategies used by corporations to capitalize on neural processes and “hack… our attention circuits,” pointing out how Facebook’s algorithms boost content that outrages users because doing so increases engagement. Elegantly probing the mechanics of exploitation, Schneier makes a persuasive case that “we need society’s rules and laws to be as patchable as your computer.” With lessons that extend far beyond the tech world, this has much to offer... Uber Uber ★★★
globalsecuritymag.webp 2023-01-19 11:38:28 Keeper Connection Manager adds new features for Zero Trust network access (direct link) Keeper Security announces the latest update to Keeper Connection Manager (KCM), giving DevOps and IT teams instant access to RDP, SSH, database and Kubernetes endpoints through a web browser - no VPN required. New in version 2.11.0, KCM can now interact directly with Microsoft SQL Server and PostgreSQL databases. - Products Uber ★★
globalsecuritymag.webp 2023-01-17 09:57:49 Keeper Connection Manager Adds New, Next-Gen Features for Zero-Trust Network Access (direct link) Keeper Connection Manager Adds New, Next-Gen Features for Zero-Trust Network Access. Keeper Security announced the latest update to its Keeper Connection Manager (KCM), which provides DevOps and IT teams with instant access to RDP, SSH, database and Kubernetes endpoints through a web browser - no VPN required. New in version 2.11.0, KCM is now able to interact directly with Microsoft SQL Server and PostgreSQL databases. - Product Reviews Uber ★★
InfoSecurityMag.webp 2023-01-16 17:00:00 CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop (direct link) According to CTO Rob Zuber, the malware was not detected by the CircleCI antivirus program. Data Breach Malware Uber ★★★★
CVE.webp 2023-01-14 01:15:15 CVE-2023-22480 (direct link) KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, the API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. Vulnerability Uber
CVE.webp 2023-01-14 01:15:14 CVE-2023-22478 (direct link) KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. Uber
globalsecuritymag.webp 2023-01-13 15:00:49 Venafi releases cloud-native machine identity management for VMware Tanzu (direct link) The integration of Venafi's Control Plane into Tanzu Service Mesh enables simpler and faster multi-cloud and multi-cluster security. Venafi®, a provider of machine identity management, announces that VMware has integrated the machine identity Control Plane into its Tanzu Service Mesh. Thanks to the Venafi integration, Tanzu users can integrate their service mesh with a trusted certificate authority (CA) of their choice to support mutual Transport Layer Security (mTLS) between Kubernetes clusters. These are the benefits of integrating the machine identity Control Plane into Tanzu Service Mesh: automation of the issuance and renewal of machine identities via Venafi - Software / Uber
CVE.webp 2023-01-13 06:15:11 CVE-2022-3841 (direct link) RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint of Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users to make requests. Vulnerability Uber
DarkReading.webp 2023-01-12 15:00:00 Kubernetes-Related Security Projects to Watch in 2023 (direct link) Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes. Uber ★★
no_ico.webp 2023-01-11 14:13:11 Kinsing Malware Hits Kubernetes Clusters By Flawed PostgreSQL (direct link) As of late, Kubernetes clusters have been actively breached by the Kinsing malware, which exploits vulnerabilities in container images and misconfigured, exposed PostgreSQL containers. While not new, the Defender for Cloud team at Microsoft has noticed a spike in recent months, suggesting that the threat actors are increasingly focusing on narrow access points. Kinsing is […] Malware Threat Uber ★★
CVE.webp 2023-01-10 21:15:12 CVE-2023-22479 (direct link) KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session; versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4. Uber
SC_Mag.webp 2023-01-10 21:14:26 Kubernetes clusters compromised by Kinsing malware (direct link) BleepingComputer reports that Kubernetes clusters are being compromised by the Kinsing malware through container image vulnerabilities and misconfigured PostgreSQL containers. Malware Uber ★★
DarkReading.webp 2023-01-10 17:00:00 Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL (direct link) The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments. Tool Uber ★★
The_Hackers_News.webp 2023-01-09 19:33:00 Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL (direct link) The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied history of Threat Uber ★★★
bleepingcomputer.webp 2023-01-09 16:16:26 Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (direct link) The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...] Malware Uber ★★
CVE.webp 2023-01-09 14:15:09 CVE-2022-23509 (direct link) Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps Run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or processes to tap the local traffic to gain information permitting access to the S3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. Vulnerability Uber
CVE.webp 2023-01-09 13:15:10 CVE-2022-23508 (direct link) Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps Run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps Run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket or the target Kubernetes cluster. There are no known workarounds for this issue; please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. Workarounds: there is no workaround for this vulnerability. References: disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. For more information, if you have any questions or comments about this advisory: open an issue in the Weave GitOps repository (https://github.com/weaveworks/weave-gitops) or email support@weave.works. Vulnerability Uber
globalsecuritymag.webp 2023-01-03 09:22:36 Armin Simon, Thales: Secure the bridge, be prepared that something will happen, you can already assume it (direct link) Armin Simon: Thales is a large global group headquartered in France, with 85,000 employees across a wide range of business areas. I am responsible for the Data Protection business area in Germany. We have a data-centric security approach. We protect data with encryption. Edward Snowden was asked whether there is anything one can still rely on, and he said that properly implemented encryption is one of the few things one can still rely on. The decisive factor in encryption is how the keys are stored and how they are managed. One can imagine, for example, a lock that cannot be broken. If someone tries to steal the key, the key must be well protected. For that we have devices that generate keys in hardware and keep them there, so-called Hardware Security Modules. This is done for particularly important keys, such as master keys, for example the root key of public key infrastructures, or also for databases… We are in modern times and the IT world is changing a lot. I like to call it intensified virtualization. - Interviews / , Uber
silicon.fr.webp 2023-01-03 06:37:55 6 open source utilities for the macOS menu bar (direct link) Security check-up, script execution, Kubernetes monitoring... Here are 6 utilities that make use of the macOS menu bar. Uber ★★
Last update at: 2024-05-09 22:10:02