What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2022-12-29 15:00:00 After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (direct link) How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward. Uber Uber ★★
CVE.webp 2022-12-23 23:15:08 CVE-2022-47633 (direct link) An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5, and mitigations are available for impacted releases. Vulnerability Uber
DarkReading.webp 2022-12-23 18:18:27 Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes (direct link) A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to take over a Kubernetes pod to steal data and inject malware. Uber ★★
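The bug class the two Kyverno items describe is a time-of-check/time-of-use gap: an admission controller resolves a tag to verify a signature, and something else later resolves the same tag again to decide what actually runs, so a registry (or an on-path attacker) that answers the two lookups differently gets an unsigned image past the check. The Go program below is an added example written for this page, not Kyverno's code; the registry, the signing key and the two manifests are constructed stand-ins, and signatures are taken over the digest string rather than over a real OCI signature payload. It contrasts the vulnerable double-lookup with the defence of resolving once, verifying the digest, and pinning the workload to that digest so the runtime pulls by content address.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// registry is a constructed stand-in for an OCI registry. A tag lookup may
// return a different manifest each time (that is what a malicious registry or
// an on-path attacker controls); a lookup by digest cannot be faked, because
// the client recomputes the hash of whatever comes back.
type registry struct {
	tagAnswers []string          // manifest served on the 1st, 2nd, ... tag lookup
	lookups    int               // tag lookups served so far
	byDigest   map[string]string // digest -> manifest body
	sigs       map[string][]byte // digest -> signature over the digest string
}

func digestOf(manifest string) string {
	sum := sha256.Sum256([]byte(manifest))
	return "sha256:" + hex.EncodeToString(sum[:])
}

// resolveTag returns the next scripted answer (the last one repeats).
func (r *registry) resolveTag() string {
	i := r.lookups
	if i >= len(r.tagAnswers) {
		i = len(r.tagAnswers) - 1
	}
	r.lookups++
	return r.tagAnswers[i]
}

// pullByDigest fetches a manifest and re-checks that it hashes to the digest
// asked for, as any content-addressed client must.
func (r *registry) pullByDigest(d string) (string, error) {
	m, ok := r.byDigest[d]
	if !ok || digestOf(m) != d {
		return "", errors.New("manifest not found or digest mismatch")
	}
	return m, nil
}

// signedBy reports whether the trusted key signed the given digest.
func signedBy(pub ed25519.PublicKey, r *registry, d string) bool {
	sig, ok := r.sigs[d]
	return ok && ed25519.Verify(pub, []byte(d), sig)
}

// admitNaive is the vulnerable shape: resolve the tag to check a signature,
// then resolve the tag again to learn what will actually run. A registry that
// changes its answer in between gets an unsigned image past the check.
func admitNaive(pub ed25519.PublicKey, r *registry) (string, error) {
	checked := digestOf(r.resolveTag())
	if !signedBy(pub, r, checked) {
		return "", errors.New("signature check failed")
	}
	return digestOf(r.resolveTag()), nil // second lookup, never verified
}

// admitPinned resolves the tag once, verifies the signature over that digest
// and hands back the digest itself, so the workload is rewritten to pull
// image@sha256:... and the registry gets no second chance to substitute.
func admitPinned(pub ed25519.PublicKey, r *registry) (string, error) {
	d := digestOf(r.resolveTag())
	if !signedBy(pub, r, d) {
		return "", errors.New("signature check failed")
	}
	if _, err := r.pullByDigest(d); err != nil {
		return "", err
	}
	return d, nil
}

// newScenario builds a registry that serves the signed manifest on the first
// tag lookup and an unsigned one afterwards (constructed data). It returns the
// registry, the trusted public key, the signed digest and the unsigned digest.
func newScenario() (*registry, ed25519.PublicKey, string, string) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	signed := `{"layers":["sha256:good"]}`
	unsigned := `{"layers":["sha256:evil"]}`
	ds, du := digestOf(signed), digestOf(unsigned)
	r := &registry{
		tagAnswers: []string{signed, unsigned},
		byDigest:   map[string]string{ds: signed, du: unsigned},
		sigs:       map[string][]byte{ds: ed25519.Sign(priv, []byte(ds))},
	}
	return r, pub, ds, du
}

func main() {
	r, pub, _, du := newScenario()
	got, err := admitNaive(pub, r)
	fmt.Printf("naive: admitted the unsigned image=%v err=%v\n", got == du, err)

	r, pub, ds, _ := newScenario()
	got, err = admitPinned(pub, r)
	fmt.Printf("pinned: admitted only the signed digest=%v err=%v\n", got == ds, err)
}
```

The same principle is why pinning a builder or base image by digest (rather than by tag) closes the substitution window: a tag is a mutable pointer the registry controls, a digest is not.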
CVE.webp 2022-12-21 20:15:09 CVE-2022-23551 (direct link) aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and was deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on a regex. A token request containing backslashes (example: `/metadata/identity\oauth2\token/`) bypasses the NMI validation and is sent on to IMDS, allowing a pod in the cluster to access identities it should not have access to. This issue has been fixed in AAD Pod Identity release 1.8.13. If you use the AKS pod-managed identities add-on, no action is required; those clusters should now be running the 1.8.13 release. Uber
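The advisory above describes a classic path-matching bypass: a regex is applied to the raw request path, the backslash variant does not match, and the request falls through to a backend that is more lenient about what counts as a path separator. The Go program below is an added example, not the project's code; the route patterns and the pass-through route are assumptions made for illustration. It shows the naive check beside a hardened one that canonicalizes the path (percent-decoding, backslash folding, dot-segment removal) before consulting an allow-list, and that fails closed instead of forwarding anything it does not recognise.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// decision is what the interception layer does with a request path.
type decision string

const (
	intercept decision = "intercept" // handled and validated by the proxy
	forward   decision = "forward"   // passed through to the backend unchecked
	deny      decision = "deny"
)

// Allow-list of routes, modelled on the token path named in the advisory.
// Both patterns are assumptions for this example, not the project's own.
var (
	tokenRoute  = regexp.MustCompile(`^/metadata/identity/oauth2/token/?$`)
	passthrough = regexp.MustCompile(`^/metadata/instance(/.*)?$`)
)

// classifyNaive matches the raw path and forwards whatever does not match.
// `/metadata/identity\oauth2\token/` fails the match, so it is forwarded to a
// backend that may read the backslashes as slashes: the bypass shape above.
func classifyNaive(raw string) decision {
	if tokenRoute.MatchString(raw) {
		return intercept
	}
	return forward
}

// canonicalize folds the spellings a lenient backend might accept into one
// form before any pattern is consulted: query/fragment stripped, percent
// encoding removed (repeatedly, to catch double-encoded input), backslashes
// turned into slashes, dot segments resolved, case folded.
func canonicalize(raw string) (string, error) {
	p := raw
	if i := strings.IndexAny(p, "?#"); i >= 0 {
		p = p[:i]
	}
	for round := 0; round < 3; round++ {
		decoded, err := url.PathUnescape(p)
		if err != nil {
			return "", err
		}
		if decoded == p {
			break
		}
		p = decoded
	}
	p = strings.ReplaceAll(p, `\`, "/")
	p = path.Clean("/" + p)
	return strings.ToLower(p), nil
}

// classifyHardened canonicalizes first, then applies the allow-list and fails
// closed: anything it does not positively recognise is denied, not forwarded.
func classifyHardened(raw string) decision {
	p, err := canonicalize(raw)
	if err != nil {
		return deny
	}
	switch {
	case tokenRoute.MatchString(p):
		return intercept
	case passthrough.MatchString(p):
		return forward
	}
	return deny
}

func main() {
	// Constructed request paths: the legitimate one, the backslash variant
	// from the advisory, an encoded variant, a dot-segment variant, a
	// legitimate pass-through and a traversal attempt.
	for _, raw := range []string{
		"/metadata/identity/oauth2/token",
		`/metadata/identity\oauth2\token/`,
		"/metadata/identity%5Coauth2%5Ctoken",
		"/metadata/identity/./x/../oauth2/token",
		"/metadata/instance?api-version=2021-02-01",
		"/metadata/identity/oauth2/token/../../../../etc/passwd",
	} {
		fmt.Printf("%-55s naive=%-9s hardened=%s\n", raw, classifyNaive(raw), classifyHardened(raw))
	}
}
```

Case folding is a conservative choice here: it can only turn a would-be forward into an intercept, never the reverse. The decode loop is capped so that a pathological input cannot keep the proxy busy.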
Google.webp 2022-12-21 17:12:56 GCP-2021-021 (direct link) A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server. For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS and Anthos on bare metal security bulletins. Severity: Medium. CVE-2020-8561 Uber ★★★
Google.webp 2022-12-21 17:12:56 (Déjà vu) GCP-2022-021 (direct link) Published: 2022-10-27. Updated: 2022-12-15. 2022-12-15 update: version 1.21.14-gke.9400 of Google Kubernetes Engine is pending rollout and may be superseded by a higher version number. 2022-11-22 update: added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation; it allows an unprivileged user to achieve a full container breakout to root on the node. For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS, Anthos on Azure and Anthos on bare metal security bulletins. Severity: High. CVE-2022-3176 Vulnerability Guideline Uber ★★★
Google.webp 2022-12-21 17:12:56 (Déjà vu) GCP-2022-017 (direct link) Published: 2022-06-29. Updated: 2022-11-22. 2022-11-22 update: workloads using GKE Sandbox are not affected by these vulnerabilities. 2022-07-21 update: additional information on Anthos clusters on VMware. A new vulnerability (CVE-2022-1786) has been discovered in Linux kernel versions 5.10 and 5.11. It allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected; GKE Ubuntu images use kernel 5.4 or 5.15 and are not affected. For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS, Anthos on Azure and Anthos on bare metal security bulletins. Severity: High. CVE-2022-1786 Vulnerability Uber ★★★
Google.webp 2022-12-21 17:12:56 GCP-2022-014 (direct link) Published: 2022-04-26. Updated: 2022-11-22. 2022-11-22 update: GKE Autopilot clusters and workloads running in GKE Sandbox are unaffected. 2022-05-12 update: the Anthos clusters on AWS and Anthos on Azure versions have been updated; see the Anthos clusters on AWS and Anthos on bare metal security bulletins. Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS, Anthos on Azure and Anthos on bare metal security bulletins. Severity: High. CVE-2022-1055 CVE-2022-27666 Guideline Uber ★★★
Google.webp 2022-12-21 17:12:56 GCP-2022-013 (direct link) Published: 2022-04-11. Updated: 2022-04-22. A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS, Anthos on Azure and Anthos on bare metal security bulletins. Severity: Medium. CVE-2022-23648 Vulnerability Uber ★★★
Google.webp 2022-12-21 17:12:56 (Déjà vu) GCP-2022-012 (direct link) Published: 2022-04-07. Updated: 2022-11-22. 2022-11-22 update: for GKE clusters in both modes, Standard and Autopilot, workloads using GKE Sandbox are unaffected. A security vulnerability, CVE-2022-0847, has been discovered in Linux kernel versions 5.8 and later that can potentially escalate container privileges to root. It affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later); Anthos clusters on VMware v1.10 with Container-Optimized OS images; Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20 and v1.21, which use Ubuntu; managed clusters of Anthos on Azure v1.21, which use Ubuntu. For instructions and more details, see the GKE, Anthos clusters on VMware, Anthos clusters on AWS, Anthos on Azure and Anthos on bare metal security bulletins. Severity: High. CVE-2022-0847 Vulnerability Uber ★★★
Google.webp 2022-12-21 17:12:56 GCP-2022-002 (direct link) 2022-02-25 update: the GKE versions have been updated; see the GKE security bulletin. 2022-02-23 update: the GKE and Anthos clusters on VMware versions have been updated; see the GKE and Anthos clusters on VMware security bulletins. 2022-02-04 update: the rollout start date for GKE patch versions was February 2. Note: your clusters might not have these versions available immediately; rollouts began on February 2 and take four or more business days to complete across all Google Cloud zones. Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure. Pods using GKE Sandbox are not vulnerable. See the COS release notes for more details. For instructions and more details, see the GKE and Anthos clusters on VMware security bulletins. Severity: High. CVE-2021-4154 CVE-2021-22600 CVE-2022-0185 Guideline Uber ★★★
Google.webp 2022-12-21 17:12:56 GCP-2022-011 (direct link) Published: 2022-03-22. Updated: 2022-08-11. 2022-08-11 update: added more information about the Simultaneous Multi-Threading (SMT) configuration. SMT was intended to be disabled, but was enabled on the versions listed. If you manually enabled SMT for a sandboxed node pool, SMT will remain manually enabled despite this issue. There is a misconfiguration of Simultaneous Multi-Threading (SMT), also known as Hyper-Threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side-channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see the GKE Sandbox documentation). We do not recommend using the following affected versions: 1.22.4-gke.1501, 1.22.6-gke.300, 1.23.2-gke.300, 1.23.3-gke.600. For instructions and more details, see the GKE security bulletin. Severity: Medium. Uber ★★★
DarkReading.webp 2022-12-21 15:51:51 Understanding the 3 Classes of Kubernetes Risk (direct link) The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated. Uber ★★
DarkReading.webp 2022-12-21 15:51:30 How to Run Kubernetes More Securely (direct link) The open source container tool is quite popular among developers, and among threat actors. Here are a few ways DevOps teams can take control. Tool Threat Uber ★★
Korben.webp 2022-12-21 08:00:00 Generate your own music with Mubert (direct link) OK, I think I have gone on enough about Stable Diffusion and MidJourney for image generation. I think by now you all know they exist. But did you know that exactly the same thing exists for music? Whether starting from … More Uber ★★
CVE.webp 2022-12-20 19:15:25 CVE-2022-4515 (direct link) A flaw was found in Exuberant Ctags in the way it handles the "-o" option, which specifies the tag filename. A crafted tag filename specified on the command line or in the configuration file results in arbitrary command execution, because externalSortTags() in sort.c calls the system(3) function in an unsafe way. Uber
GoogleSec.webp 2022-12-15 20:51:24 Expanding the App Defense Alliance (direct link) Posted by Brooke Davis, Android Security and Privacy Team. The App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) and CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members. Malware Mitigation: Together with the founding ADA members (Google, ESET, Lookout, and Zimperium), the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks, and that's why we're continuing to invest in the program. New ADA Members: We're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program. Mobile App Security Assessment (MASA): With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever.
According to Data.ai, the pandemic accelerated existing mobile habits, with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS) under the OWASP Mobile Application Security project. The project's mission is to "Define the industry standard for mobile application security," and it has been used by both public and private sector organizations as a form of industry best practice for mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. The badge is displayed within an app's respective … Malware Guideline Prediction Uber ★★
CVE.webp 2022-12-15 19:15:17 CVE-2022-23526 (direct link) Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to a NULL pointer dereference in the _chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file; for example, the Helm client, when rendering a chart, validates its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created that trigger a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a denial of service when that input causes a panic that cannot be recovered from. Helm is not a long-running service, so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate that schema files are correctly formatted before passing them to the _chartutil_ functions. Tool Uber
CVE.webp 2022-12-15 19:15:17 CVE-2022-23525 (direct link) Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to a NULL pointer dereference in the _repo_ package. The _repo_ package contains a handler that processes the index file of a repository; for example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created that trigger a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a denial of service when that input causes a panic that cannot be recovered from. The Helm client will panic on an index file that causes a memory violation. Helm is not a long-running service, so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate that index files are correctly formatted before passing them to the _repo_ functions. Tool Uber
CVE.webp 2022-12-15 19:15:16 CVE-2022-23524 (direct link) Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to uncontrolled resource consumption, resulting in denial of service. Input to functions in the _strvals_ package can cause a stack overflow; in Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can suffer a denial of service when the package panics. This issue has been patched in 3.10.3. SDK users can validate that user-supplied strings will not create large arrays causing significant memory usage before passing them to the _strvals_ functions. Tool Uber
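The three Helm advisories share one recommendation for SDK users: validate untrusted input before handing it to a parser that may panic or allocate without bound. The Go program below is an added example written for this page, not Helm's _strvals_, _chartutil_ or _repo_ code. It parses a mini-grammar modelled on the `--set` key syntax (`a.b[2].c=value`, comma-separated; no escaping rules, plain string values, all of which are assumptions), enforcing a nesting depth cap and a list-index cap before any recursion or allocation happens, and wraps the parse in a `recover` so a long-running caller turns ordinary runtime panics into errors. The caveat from CVE-2022-23524 applies: a Go stack overflow is fatal and `recover` does not catch it, which is why the depth limit runs first.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Limits enforced before any allocation or recursion. The numbers are
// assumptions for this example; size them for the inputs you accept.
const (
	maxDepth = 32   // tokens in one key path (bounds the recursion in set)
	maxIndex = 1024 // largest list index a caller may address (bounds list growth)
	maxPairs = 1000 // "k=v" pairs in one string
)

type token struct {
	key   string
	index int
	isIdx bool
}

// tokenize turns "a.b[3].c" into [key a, key b, idx 3, key c], rejecting
// oversized indexes and over-deep paths up front.
func tokenize(keyPath string) ([]token, error) {
	var toks []token
	for _, seg := range strings.Split(keyPath, ".") {
		name, rest, _ := strings.Cut(seg, "[")
		if name == "" {
			return nil, fmt.Errorf("empty key segment in %q", keyPath)
		}
		toks = append(toks, token{key: name})
		for rest != "" {
			idxStr, tail, ok := strings.Cut(rest, "]")
			if !ok || (tail != "" && !strings.HasPrefix(tail, "[")) {
				return nil, fmt.Errorf("malformed index in %q", keyPath)
			}
			idx, err := strconv.Atoi(idxStr)
			if err != nil || idx < 0 || idx > maxIndex {
				return nil, fmt.Errorf("index %q out of range 0..%d", idxStr, maxIndex)
			}
			toks = append(toks, token{index: idx, isIdx: true})
			rest = strings.TrimPrefix(tail, "[")
		}
	}
	if len(toks) > maxDepth {
		return nil, fmt.Errorf("%q nests deeper than %d levels", keyPath, maxDepth)
	}
	return toks, nil
}

// set writes val at the position described by toks, creating maps and lists
// as needed. Recursion depth is bounded by maxDepth, list growth by maxIndex.
func set(cur interface{}, toks []token, val string) (interface{}, error) {
	if len(toks) == 0 {
		return val, nil
	}
	t := toks[0]
	if t.isIdx {
		list, ok := cur.([]interface{})
		if cur != nil && !ok {
			return nil, errors.New("type clash: expected a list")
		}
		for len(list) <= t.index {
			list = append(list, nil)
		}
		child, err := set(list[t.index], toks[1:], val)
		if err != nil {
			return nil, err
		}
		list[t.index] = child
		return list, nil
	}
	m, ok := cur.(map[string]interface{})
	if cur != nil && !ok {
		return nil, errors.New("type clash: expected a map")
	}
	if m == nil {
		m = map[string]interface{}{}
	}
	child, err := set(m[t.key], toks[1:], val)
	if err != nil {
		return nil, err
	}
	m[t.key] = child
	return m, nil
}

// parseSet handles "a.b[2].c=1,a.b[0]=x" with the limits above.
func parseSet(input string) (map[string]interface{}, error) {
	pairs := strings.Split(input, ",")
	if len(pairs) > maxPairs {
		return nil, fmt.Errorf("%d pairs exceeds limit %d", len(pairs), maxPairs)
	}
	root := map[string]interface{}{}
	for _, pair := range pairs {
		kv := strings.SplitN(pair, "=", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("missing '=' in %q", pair)
		}
		toks, err := tokenize(kv[0])
		if err != nil {
			return nil, err
		}
		// The first token is always a key, so root is updated in place.
		if _, err := set(root, toks, kv[1]); err != nil {
			return nil, err
		}
	}
	return root, nil
}

// safeParse turns any runtime panic inside the parser into an error so a
// long-running caller survives malformed input. A Go stack overflow cannot be
// recovered this way, which is why tokenize enforces maxDepth first.
func safeParse(input string) (result map[string]interface{}, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panicked: %v", r)
		}
	}()
	return parseSet(input)
}

func main() {
	for _, in := range []string{ // constructed inputs
		"image.tag=1.2.3,ports[1].name=https,ports[0].name=http",
		"a[99999999]=1",
		strings.Repeat("x.", 40) + "y=1",
	} {
		v, err := safeParse(in)
		fmt.Printf("%q -> %v err=%v\n", in, v, err)
	}
}
```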
cyberark.webp 2022-12-15 14:00:27 Latest Uber Breach Underscores Third-Party Vendor Security Challenges (direct link) Uber is back in the spotlight, this time for a breach involving a third-party vendor. According to reports, an attacker accessed the vendor organization's public cloud backup server, obtaining and then leaking sensitive Uber data,... Uber Uber ★★
globalsecuritymag.webp 2022-12-14 16:15:23 CyberArk: New cyberattack targeting Uber, identity security needs strengthening (direct link) After a first attack last September, the US ride-hailing company Uber has in recent days once again fallen victim to a hack. It led to a data leak concerning more than 77,000 of the organisation's employees. David Higgins, technical director at CyberArk, offers the following analysis of the cyberattack - Malwares Uber Uber ★★
globalsecuritymag.webp 2022-12-14 10:22:28 Comment: CybelAngel CISO on Uber suffering new data breach (direct link) Following the news that Uber suffered a new data breach after an attack on a vendor, Todd Carroll, CISO at CybelAngel, questions the integrity of Uber's decisions on cybersecurity. - Malware Update Data Breach Uber Uber
zataz.webp 2022-12-14 09:57:20 Lapsus$ is back? New data leaks for Uber (direct link) Uber Technologies Inc. said it is investigating a new incident involving the hack of a partner, which reportedly led to a breach of company data. A new leak signed by Lapsus$?... Uber Uber ★★
News.webp 2022-12-13 22:46:56 Uber staff info leaks after IT supply chain attack (direct link) Records swiped from pwned supplier Teqtivity, dumped online. Uber, which has suffered a few data thefts in its time, is this week dealing with the fallout from more information being stolen, this time through one of its technology suppliers.… Uber Uber ★★
no_ico.webp 2022-12-13 20:32:46 Teqtivity Cloud Server Compromise Leads to Uber Breach, Experts React (direct link) Uber experienced yet another prominent data breach that exposed private employee and business information. This time, attackers gained access through a Teqtivity cloud server hosted on Amazon Web Services (AWS); Teqtivity provides Uber with asset management and tracking services. The incident was initially reported by the New York Times. The hacker […] Data Breach Uber Uber ★★★
InfoSecurityMag.webp 2022-12-13 16:00:00 Uber Hit By New Data Breach After Attack on Third-Party Vendor (direct link) Company information was stolen from third-party vendor Teqtivity and posted on a dark web forum. Data Breach Uber Uber ★★
globalsecuritymag.webp 2022-12-13 14:59:10 Comment from cyber-expert on Uber data breach (direct link) Following the news that Uber suffered a new data breach after an attack on a vendor, with sensitive information leaked online, a comment from Chris Vaughan, AVP - Technical Account Management, EMEA at Tanium, on the breach and its implications, as well as advice for companies on avoiding similar incidents in future. - Malware Update Data Breach Uber Uber
globalsecuritymag.webp 2022-12-13 14:17:48 Expert commentary: UberLeaks data breach (direct link) A comment from Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions, about the UberLeaks data breach. - Malware Update Data Breach Uber
SecurityWeek.webp 2022-12-13 10:35:25 Uber Data Leaked Following Breach at Third-Party Vendor (direct link) Information apparently belonging to ride-hailing giant Uber has been leaked online, and the source of the data is likely a third-party IT vendor. Over the weekend, a user with the moniker 'UberLeak' made public on a hacker forum a 600 MB archive file allegedly containing 20 million records of data coming from Uber systems. Uber Uber ★★★
ComputerWeekly.webp 2022-12-13 07:20:00 More Uber data exposed in possible supply chain attack (direct link) Information apparently belonging to ride-hailing giant Uber has been leaked online, and the source of the data is likely a third-party IT vendor. Over the weekend, a user with the moniker 'UberLeak' made public on a hacker forum a 600 MB archive file allegedly containing 20 million records of data coming from Uber systems. Uber Uber ★★
bleepingcomputer.webp 2022-12-12 13:30:18 Uber suffers new data breach after attack on vendor, info leaked online (direct link) Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [...] Data Breach Threat Uber Uber
silicon.fr.webp 2022-12-12 10:43:03 Kubernetes 1.26: a change of registry for the orchestrator (direct link) Drivers, registries, monitoring... here are a few Kubernetes features that reached stable status with version 1.26. Uber ★★
CSO.webp 2022-12-12 02:00:00 14 lessons CISOs learned in 2022 (direct link) We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief convicted for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave. Uber ★★
silicon.fr.webp 2022-12-09 16:25:37 HPE GreenLake also opts for AWS's Kubernetes service (direct link) Hewlett Packard Enterprise extends its container deployment options with Amazon EKS Anywhere, the tool from cloud hyperscaler AWS. Uber ★★
CVE.webp 2022-12-07 23:15:09 CVE-2022-23471 (direct link) containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch (for example, because of a faulty command), the goroutine is left blocked on a send with no receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation, and the stream server is used for handling container I/O. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. Uber
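The leak shape in the containerd advisory is a general Go hazard: a goroutine that sends on a channel whose receiver never shows up blocks forever, and every failed exec leaves one more of them behind. The program below is an added example written for this page, not containerd's code; the event type, the channel layout and the sleeps are constructed. It contrasts the leaking relay with one that races every blocking operation against a cancellation context, and counts goroutines before and after a simulated failed exec so the difference is measurable.

```go
package main

import (
	"context"
	"fmt"
	"runtime"
	"time"
)

// resize is a terminal size event, as a stream server relays to a process.
type resize struct{ cols, rows uint16 }

// forwardLeaky mirrors the bug shape: a goroutine relays resize events into an
// unbuffered channel whose only receiver would be the process. If the process
// never starts, no receiver ever appears, the send blocks forever and the
// goroutine (and its stack) is never reclaimed. One leak per failed exec.
func forwardLeaky(events <-chan resize) <-chan resize {
	out := make(chan resize)
	go func() {
		defer close(out)
		for ev := range events {
			out <- ev // nothing can unblock this once the receiver is gone
		}
	}()
	return out
}

// forwardFixed races every blocking operation against ctx.Done(), so when the
// caller cancels (exec failed, container exited, client disconnected) the
// goroutine exits instead of waiting forever.
func forwardFixed(ctx context.Context, events <-chan resize) <-chan resize {
	out := make(chan resize)
	go func() {
		defer close(out)
		for {
			var ev resize
			var ok bool
			select {
			case <-ctx.Done():
				return
			case ev, ok = <-events:
				if !ok {
					return
				}
			}
			select {
			case <-ctx.Done():
				return
			case out <- ev:
			}
		}
	}()
	return out
}

// failedExec simulates the advisory's failure mode: start the relay, deliver
// one event, never attach a receiver (the command failed to launch), then
// cancel and report how many goroutines remain above the baseline.
func failedExec(fixed bool) int {
	base := runtime.NumGoroutine()
	events := make(chan resize, 1)
	ctx, cancel := context.WithCancel(context.Background())
	if fixed {
		forwardFixed(ctx, events)
	} else {
		forwardLeaky(events)
	}
	events <- resize{cols: 80, rows: 24}
	time.Sleep(50 * time.Millisecond) // let the goroutine reach the blocked send
	cancel()                          // process is gone; the fixed relay exits here
	time.Sleep(50 * time.Millisecond)
	return runtime.NumGoroutine() - base
}

func main() {
	fmt.Println("goroutines leaked by the vulnerable relay:", failedExec(false))
	fmt.Println("goroutines leaked by the fixed relay:     ", failedExec(true))
}
```

In a real server the context is the one tied to the exec request, so the same cancellation that tears down the stream also releases the relay; the mitigation in the advisory (restrict who may exec) only limits who can trigger the leak, it does not remove it.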
AlienVault.webp 2022-12-06 11:00:00 Employee onboarding needs to be engaging - But how can security be preserved? (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The tech professional labor market is an extremely competitive and difficult place right now. The stakes are so high that CNBC has highlighted certain companies that are offering paid vacations before new hires even begin the job. This is a great environment for workers, and it is pushing employer standards higher and higher. This includes the onboarding process, in which employees are brought into the fold and then provided with all of the setup they need to get a running start in the business. As companies seek to move through the onboarding process quickly, cyber risks are introduced, as with any expedited business process. Sensitive data exchange: As part of the onboarding process, employees will need to exchange sensitive personal data. Having a well-structured "day 1" plan in which pay schedules, security codes, personal information and HR data are exchanged is crucial to maintaining good employee service and ensuring engagement. Dealing with these requests quickly achieves that, but this is also where security risks occur. US News highlights the fact that 2022 has been a bumper year for data breaches; Microsoft, Uber, Ronin and News Corp have all experienced huge attacks. To ensure that sensitive data can be exchanged safely, a holistic review of corporate and third-party security systems is essential. Secure portals for transferring data from the employee into the business during onboarding protect both parties.
Protecting corporate data: With employees in the corporate system, it's important that they have immediate access to local resources and knowledge to start their development and support their work as they get going. These knowledge bases need significant and accurate resources, but they also need to be protected. Corporate cyber espionage is a serious risk; according to Security Magazine, hundreds of millions of dollars of damage was inflicted in 2020-21 through corporate information theft. Accordingly, operating a stringent data management policy and ensuring files are maintained securely is key. Generating social connections: A key benefit that companies can offer employees is networking. Being a conduit for new industry connections, and all the benefits that come from that, is a key part of onboarding, but as with other aspects it brings risks. Bringing a new employee into the fold and putting them in touch with established networks carries its own risk; furthermore, without the familiarity that existing employees have with corporate networks, there is a definite risk of exposing those networks to additional cyber threats. As with all corporate cybersecurity solutions, the key to securing social networking and promoting assurance comes in the form of systems checks: staying up to date with high-quality security technology, keeping track of what valuable data and assets are being shared, and ensuring that employees are aware of their security responsibilities. Uber ★★★
CVE.webp 2022-12-02 19:15:11 CVE-2022-46167 (direct link) Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement such as Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that forbids starting privileged Pods via the Pod Security labels by removing the OwnerReference and the enforcement labels, and then start privileged containers that lead to a generic Kubernetes privilege escalation. Patches have been released in version 0.1.3. No known workarounds are available. Uber
CVE.webp 2022-11-27 03:15:11 CVE-2022-45933 (direct link) KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." Uber
globalsecuritymag.webp 2022-11-22 09:37:54 Jens Sabitzer, Venafi: Many security teams are not able to talk to their own colleagues as equals (direct link) Essentially two big areas. About two years ago we teamed up with a company that is very well known in the Kubernetes space, namely Jetstack. Jetstack developed the open-source solution cert-manager. That is essentially the de facto standard for certificate management in the Kubernetes world. On 9 out of 10 clusters it is the first thing I install once the base installation is done. Over the last two years we have intensified the partnership; we now have the first solutions that we are bringing to market together. We have also decided to donate cert-manager to the Cloud Native Foundation. That means everyone who uses cert-manager today has the certainty that we will not turn it into a closed-doors project. We will certainly deliver further enterprise features as add-ons, but the core, cert-manager, has been donated and will remain open source. - Interviews Uber ★★★
globalsecuritymag.webp 2022-11-22 09:36:29 Georg Gann, Yubico: Today I have to be phishing-resistant! (direct link) A report published by Microsoft looked at how many successful phishing attacks there were over 8 months at companies that had Azure MFA enabled. The result: about 10,000 successful attacks despite Azure MFA. That means SMS push or OTP was being used there. We have just seen in the Uber breach how relatively easily an OTP was phished. My message to everyone who wants to use MFA today: use protocols that are phishing-resistant. Either smartcard or certificate for everything on-premise or legacy; for everything in the cloud, such as Azure AD or AWS, always FIDO2. Everything else is phishable by now. OTP is 30 years old. If I want to be secure today, I need phishing-resistant authentication, because as of today 80% of all successful attacks still go through the phishing of identities. At a great many companies, including large ones, password or OTP or push are still used initially. This kind of MFA no longer works today. The world has changed so quickly in the last half year that today I have to be phishing-resistant. And phishing-resistant means FIDO or smartcard. In my opinion, that has to happen. - Interviews Threat Uber ★★★★
CVE.webp 2022-11-19 01:15:13 CVE-2022-41939 (direct link) knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442 and is part of release 1.8.1. It only affects users who use function buildpacks from third parties; pinning the builder image to a specific content hash with a valid `lifecycle` image will also mitigate the attack. Uber
CS.webp 2022-11-10 18:03:26 White House cyber official advocates nimbler NATO to confront digital threats (direct link) White House official Anne Neuberger met with NATO officials in Rome to help craft plans to respond more rapidly to cyberthreats. Uber
globalsecuritymag.webp 2022-11-09 15:25:20 Multi-factor authentication, hacktivism and cyber attribution: Darktrace's predictions (lien direct) 1. Hackers' techniques focus on identity and multi-factor authentication. The recent attack on Uber is just one case among others where the victim's multi-factor authentication (MFA) system was compromised. The theft and misuse of legitimate credentials is the main cause of the vast majority of cyber incidents. In the case of Uber, we saw that multi-factor authentication can be easily defeated. With the Okta affair, we (...) - Points of View Uber
securityintelligence.webp 2022-11-08 14:00:00 Millions Lost in Minutes - Mitigating Public-Facing Attacks (lien direct) In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by […] Data Breach Uber
Chercheur.webp 2022-11-07 12:17:15 The Conviction of Uber's Chief Security Officer (lien direct) I have been meaning to write about Joe Sullivan, Uber's former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It's a complicated case, and I'm not convinced that he deserved a guilty ruling or that it's a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading. Uber
globalsecuritymag.webp 2022-11-06 15:53:32 OpenSSL vulnerabilities: patch available, but no longer critical (lien direct) The cat is out of the bag. The patch is available, and instead of one critical vulnerability there were two, which however are now only rated "high" and no longer "critical". For IT departments it still means fixing these vulnerabilities, because patching these OpenSSL flaws, designated CVE-2022-3786 and CVE-2022-3602: X.509, is only the beginning. Rather, they once again show how insecure machine identities can be when threat actors seize them and pose as trusted services. Whether a company works in the cloud in Azure, uses Kubernetes in Amazon AWS or runs Apache in a data center, the entire digital business requires secure authentication of machine identities. The vulnerabilities in OpenSSL show, - Vulnerabilities Uber
globalsecuritymag.webp 2022-11-02 07:48:17 Pure Storage extends its "as-a-service" model to the entire Portworx portfolio and launches the next generation of Portworx Enterprise (lien direct) Pure Storage extends its "as-a-service" model to the entire Portworx portfolio and launches the next generation of Portworx Enterprise. Platform engineers can now run Kubernetes in production at scale with next-generation performance and reliability, in just seconds - Products Uber
InfoSecurityMag.webp 2022-10-27 17:00:00 Kiss-a-Dog Cryptojacking Campaign Targets Docker and Kubernetes (lien direct) The threat actors also utilized user and kernel mode rootkits to hide the activity Threat Uber
The_Hackers_News.webp 2022-10-27 13:25:00 New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances (lien direct) A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Uber
Last update at: 2024-05-10 15:07:59