www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-20T19:11:45+00:00 www.secnews.physaphae.fr

InformationSecurityBuzzNews - Security news site | Google Ordered To Pay Australian Politician Over Defamatory Youtube Videos | 2022-06-08T12:08:30+00:00 | https://informationsecuritybuzz.com/expert-comments/google-ordered-to-pay-australian-politician-over-defamatory-youtube-videos/ | www.secnews.physaphae.fr/article.php?IdArticle=5039800 | False None Uber None
Checkpoint - Security hardware manufacturer | 4 Tips for an Airtight Kubernetes Security Policy | 2022-06-07T11:00:55+00:00 | https://blog.checkpoint.com/2022/06/07/4-tips-for-an-airtight-kubernetes-security-policy/ | www.secnews.physaphae.fr/article.php?IdArticle=5020984 | False None Uber None
    Summary: By Dotan Nahum. Kubernetes powers significant automation capabilities for developers in deploying, managing, scaling, and ensuring the availability of containerized apps. Data from 2021 shows that adoption continues to rise with over 5.6 million developers now using the industry's favored container orchestration engine. However, Kubernetes and containerization introduce new complexities that pose unique security challenges. In fact, Red Hat's…
TechRepublic - Security News US | How to install Docker Desktop and enable Kubernetes support | 2022-06-06T19:31:50+00:00 | https://www.techrepublic.com/article/how-to-install-docker-desktop-kubernetes-support/ | www.secnews.physaphae.fr/article.php?IdArticle=5015492 | False None Uber None
    Summary: Jack Wallen shows you how to install Docker Desktop and extend it with Kubernetes and Portainer support.
Ars Technica - Risk Assessment Security Hacktivism | Pompeii victim had spinal tuberculosis when he died | 2022-05-27T18:09:17+00:00 | https://arstechnica.com/?p=1856850 | www.secnews.physaphae.fr/article.php?IdArticle=4843214 | False None Uber None
TrendLabs Security - Antivirus vendor | The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters | 2022-05-24T00:00:00+00:00 | https://www.trendmicro.com/en_us/research/22/e/the-fault-in-our-kubelets-analyzing-the-security-of-publicly-exposed-kubernetes-clusters.html | www.secnews.physaphae.fr/article.php?IdArticle=4783507 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-29179 | 2022-05-20T19:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29179 | www.secnews.physaphae.fr/article.php?IdArticle=4720674 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-29165 | 2022-05-20T15:15:10+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29165 | www.secnews.physaphae.fr/article.php?IdArticle=4717170 | False Tool,Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24905 | 2022-05-20T14:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24905 | www.secnews.physaphae.fr/article.php?IdArticle=4717094 | False Tool,Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24904 | 2022-05-20T14:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24904 | www.secnews.physaphae.fr/article.php?IdArticle=4717093 | False Tool,Vulnerability Uber None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | 380K Kubernetes API Servers Exposed to Public Internet | 2022-05-20T11:11:36+00:00 | https://threatpost.com/380k-kubernetes-api-servers-exposed-to-public-internet/179679/ | www.secnews.physaphae.fr/article.php?IdArticle=4712346 | False None Uber None
CSO - CSO Daily Dashboard | Uber CISO's trial underscores the importance of truth, transparency, and trust | 2022-05-19T02:00:00+00:00 | https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html#tk.rss_all | www.secnews.physaphae.fr/article.php?IdArticle=4704406 | False Data Breach,Hack Uber,Uber None
    Summary: both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin).
SecurityWeek - Security News | Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver | 2022-05-18T12:09:53+00:00 | https://www.securityweek.com/over-380000-kubernetes-api-servers-exposed-internet-shadowserver | www.secnews.physaphae.fr/article.php?IdArticle=4688155 | False None Uber None
GoogleSec - Firm Security Blog | Privileged pod escalations in Kubernetes and GKE | 2022-05-18T09:03:33+00:00 | http://security.googleblog.com/2022/05/privileged-pod-escalations-in.html | www.secnews.physaphae.fr/article.php?IdArticle=4687661 | False Tool,Threat Uber None
    Summary: GKE Sandbox to strengthen the container security boundary. Over the last few months, GKE Sandbox has protected containers running it against several newly discovered Linux kernel breakout CVEs. Adopt GKE Autopilot for new clusters. Autopilot clusters have default policies that prevent host access through mechanisms like host path volumes and host network. The container runtime default seccomp profile is also enabled by default on Autopilot, which has prevented several breakouts. Subscribe to GKE Release Channels and use autoupgrade to keep nodes patched automatically against kernel vulnerabilities. Run Google's Container Optimized OS, the minimal and hardened container optimized OS that makes much of the disk read-only. Incorporate binary authorization into your SDLC to require that containers admitted into the cluster are from trusted build systems and up-to-date on patching. Use Secure Command Center's Container Threat Detection or supported third-party tools to detect the most common runtime attacks. More information can be found in the GKE Hardening Guide. How GKE is reducing the use of privileged pod
ComputerWeekly - Computer Magazine | Portworx adds anti-ransomware to PX-Backup for Kubernetes | 2022-05-18T06:45:00+00:00 | https://www.computerweekly.com/news/252518344/Portworx-adds-anti-ransomware-to-PX-Backup-for-Kubernetes | www.secnews.physaphae.fr/article.php?IdArticle=4685733 | False None Uber None
TechRepublic - Security News US | Kubernetes vs Docker: What are the main differences? | 2022-05-17T15:25:36+00:00 | https://www.techrepublic.com/article/kubernetes-vs-docker/ | www.secnews.physaphae.fr/article.php?IdArticle=4669564 | False None Uber None
    Summary: Read this feature comparison of two premier DevOps platforms: Kubernetes and Docker.
Zataz - French security magazine | UBER drivers fall victim to fake customer account scams | 2022-05-14T15:57:02+00:00 | https://www.zataz.com/les-chauffeurs-uber-victimes-darnaques-aux-faux-comptes-clients/ | www.secnews.physaphae.fr/article.php?IdArticle=4614994 | False None Uber,Uber None
TechRepublic - Security News US | Why your open-source project definitely should not be the next Kubernetes | 2022-05-06T20:39:31+00:00 | https://www.techrepublic.com/article/your-open-source-project-definitely-should-not-next-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4558782 | False None Uber 2.0000000000000000
CVE Liste - Common Vulnerability Exposure | CVE-2022-24878 | 2022-05-06T02:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24878 | www.secnews.physaphae.fr/article.php?IdArticle=4553469 | False Vulnerability Uber 5.0000000000000000
CVE Liste - Common Vulnerability Exposure | CVE-2022-24877 | 2022-05-06T01:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24877 | www.secnews.physaphae.fr/article.php?IdArticle=4553468 | False Vulnerability Uber 5.0000000000000000
CVE Liste - Common Vulnerability Exposure | CVE-2022-29171 | 2022-05-06T00:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29171 | www.secnews.physaphae.fr/article.php?IdArticle=4553627 | False None Uber 3.0000000000000000
CVE Liste - Common Vulnerability Exposure | CVE-2022-29164 | 2022-05-06T00:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29164 | www.secnews.physaphae.fr/article.php?IdArticle=4553624 | False None Uber 4.0000000000000000
CrowdStrike - CTI Society | CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation | 2022-05-03T08:37:30+00:00 | https://www.crowdstrike.com/blog/understanding-cve-2022-23648-kubernetes-vulnerability/ | www.secnews.physaphae.fr/article.php?IdArticle=4537612 | False Vulnerability Uber None
Ars Technica - Risk Assessment Security Hacktivism | DIY Apple Studio Display uses 2014 iMac to save $730 | 2022-05-02T17:46:12+00:00 | https://arstechnica.com/?p=1851569 | www.secnews.physaphae.fr/article.php?IdArticle=4533810 | False None Uber None
TechRepublic - Security News US | Jenkins vs Kubernetes: Compare DevOps tools | 2022-04-29T18:48:27+00:00 | https://www.techrepublic.com/article/jenkins-vs-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4523716 | False None Uber None
InfoSecurity Mag - InfoSecurity Magazine | Uber 'Cough Girl' Accused of Identity Theft | 2022-04-28T17:15:00+00:00 | https://www.infosecurity-magazine.com/news/uber-cough-girl-accused-of/ | www.secnews.physaphae.fr/article.php?IdArticle=4518204 | False None Uber,Uber None
SecurityWeek - Security News | ARMO Raises $30 Million for Open Source Kubernetes Security Platform | 2022-04-27T11:52:01+00:00 | https://www.securityweek.com/armo-raises-30-million-open-source-kubernetes-security-platform | www.secnews.physaphae.fr/article.php?IdArticle=4513175 | False None Uber None
Anomali - Firm Blog | Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More | 2022-04-26T16:24:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-gamaredon-delivers-four-pterodos-at-once-known-plaintext-attack-on-yanlouwang-encryption-north-korea-targets-blockchain-industry-and-more | www.secnews.physaphae.fr/article.php?IdArticle=4508976 | False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Medical APT 38,Uber,APT 28 None
    Summary: [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]
    Trending Cyber News and Threat Intelligence
    SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022). Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of a purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables.
    Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors.
    MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033
TechRepublic - Security News US | Terraform vs Kubernetes: DevOps tools comparison | 2022-04-25T20:30:33+00:00 | https://www.techrepublic.com/article/terraform-vs-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4505566 | False None Uber 3.0000000000000000
InformationSecurityBuzzNews - Security news site | Cybercriminals Are Shifting Their Gaze To Kubernetes | 2022-04-21T19:54:06+00:00 | https://informationsecuritybuzz.com/expert-comments/cybercriminals-are-shifting-their-gaze-to-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4489727 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-0567 | 2022-04-20T16:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0567 | www.secnews.physaphae.fr/article.php?IdArticle=4482954 | False None Uber None
TechRepublic - Security News US | Cybercriminals are finding new ways to target cloud environments | 2022-04-20T12:00:02+00:00 | https://www.techrepublic.com/article/cybercriminals-finding-new-target-cloud-environments/ | www.secnews.physaphae.fr/article.php?IdArticle=4481565 | False None Uber None
TechRepublic - Security News US | Ansible vs Kubernetes: DevOps tools comparison | 2022-04-15T21:13:57+00:00 | https://www.techrepublic.com/article/ansible-vs-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4460109 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24829 | 2022-04-11T20:15:20+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24829 | www.secnews.physaphae.fr/article.php?IdArticle=4431814 | False Guideline Uber None
The Last Watchdog - Byron V Acohido's security blog | GUEST ESSAY: Embracing 'Zero Trust' can help cloud-native organizations operate securely | 2022-03-28T12:29:36+00:00 | https://www.lastwatchdog.com/meeting-the-security-challenges-of-cloud-native-with-zero-trust/ | www.secnews.physaphae.fr/article.php?IdArticle=4353115 | False None Uber None
    Summary: recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report's …
CVE Liste - Common Vulnerability Exposure | CVE-2022-0759 | 2022-03-25T19:15:10+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0759 | www.secnews.physaphae.fr/article.php?IdArticle=4342360 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24768 | 2022-03-23T22:15:13+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24768 | www.secnews.physaphae.fr/article.php?IdArticle=4332510 | False Tool,Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24730 | 2022-03-23T21:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24730 | www.secnews.physaphae.fr/article.php?IdArticle=4331949 | False Tool,Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-24731 | 2022-03-23T21:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24731 | www.secnews.physaphae.fr/article.php?IdArticle=4331950 | False Tool,Vulnerability Uber None
Schneier on Security - American cryptographer and researcher | White House Warns of Possible Russian Cyberattacks | 2022-03-22T14:57:33+00:00 | https://www.schneier.com/blog/archives/2022/03/white-house-warns-of-possible-russian-cyberattacks.html | www.secnews.physaphae.fr/article.php?IdArticle=4324342 | False None Uber None
    Summary: News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. […] Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors. But there's been no sign so far of major disruptive hacks against U.S. targets even as the government has imposed increasingly harsh sanctions that have battered the Russian economy. The public alert followed classified briefings government officials conducted last week for more than 100 companies in sectors at the highest risk of Russian hacks, Neuberger said. The briefing was prompted by “preparatory activity” by Russian hackers, she said. ...
TechRepublic - Security News US | Kubernetes showing vulnerabilities against ransomware attacks | 2022-03-21T20:06:08+00:00 | https://www.techrepublic.com/article/kubernetes-vulnerabilities-ransomware/ | www.secnews.physaphae.fr/article.php?IdArticle=4319579 | False Ransomware Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) | New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers | 2022-03-17T00:37:22+00:00 | https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html | www.secnews.physaphae.fr/article.php?IdArticle=4296741 | False Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-0811 | 2022-03-16T15:15:16+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0811 | www.secnews.physaphae.fr/article.php?IdArticle=4293057 | False None Uber None
SecurityWeek - Security News | Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes | 2022-03-16T12:41:17+00:00 | https://www.securityweek.com/severe-vulnerability-patched-cri-o-container-engine-kubernetes | www.secnews.physaphae.fr/article.php?IdArticle=4291923 | False Vulnerability Uber None
ComputerWeekly - Computer Magazine | Kubernetes vulnerability underscores repeated security warnings | 2022-03-16T07:45:00+00:00 | https://www.computerweekly.com/news/252514667/Kubernetes-vulnerability-underscores-repeated-security-warnings | www.secnews.physaphae.fr/article.php?IdArticle=4291446 | False Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-27209 | 2022-03-15T17:15:11+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27209 | www.secnews.physaphae.fr/article.php?IdArticle=4287162 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-27210 | 2022-03-15T17:15:11+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27210 | www.secnews.physaphae.fr/article.php?IdArticle=4287163 | False Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-27211 | 2022-03-15T17:15:11+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27211 | www.secnews.physaphae.fr/article.php?IdArticle=4287164 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-27208 | 2022-03-15T17:15:11+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27208 | www.secnews.physaphae.fr/article.php?IdArticle=4287161 | False None Uber None
CybeReason - Vendor blog | How to Prevent 'Out of Memory' Errors in Java-Based Kubernetes Pods | 2022-03-15T13:01:50+00:00 | https://www.cybereason.com/blog/how-to-prevent-out-of-memory-in-java-based-kubernetes-pods | www.secnews.physaphae.fr/article.php?IdArticle=4284882 | False Guideline Uber None
    Summary: When developing Java applications that run on Kubernetes, one of our key tasks before we head to production is testing our app under high loads of data and validating its ability to scale. It is only then that we often find memory leaks or configurations that were not properly tuned, which could lead to excessive memory consumption and finally crash our app.
CrowdStrike - CTI Society | cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) | 2022-03-15T12:19:11+00:00 | https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ | www.secnews.physaphae.fr/article.php?IdArticle=4297035 | True Vulnerability,Threat Uber None
CrowdStrike - CTI Society | cr8escape: Zero-day in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) | 2022-03-15T12:19:11+00:00 | https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ | www.secnews.physaphae.fr/article.php?IdArticle=4284922 | False Vulnerability,Threat Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-26311 | 2022-03-10T17:47:33+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26311 | www.secnews.physaphae.fr/article.php?IdArticle=4255919 | False None Uber None
Palo Alto Network - Vendor site | Unit 42 Discloses Newly Discovered Vulnerabilities in GKE Autopilot | 2022-03-08T14:00:57+00:00 | https://www.paloaltonetworks.com/blog/2022/03/gke-autopilot-vulnerabilities/ | www.secnews.physaphae.fr/article.php?IdArticle=4263164 | False None Uber None
TroyHunt - Blog Security | A 3,600-hour Nintendo Switch OLED test gets to the bottom of burn-in | 2022-03-07T19:09:29+00:00 | https://arstechnica.com/?p=1838687 | www.secnews.physaphae.fr/article.php?IdArticle=4242704 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-23648 | 2022-03-03T14:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23648 | www.secnews.physaphae.fr/article.php?IdArticle=4221858 | False None Uber None
CyberSecurityVentures - cybersecurity services | TeamTNT: Cryptocriminals Target Linux Servers, Kubernetes | 2022-02-25T14:16:55+00:00 | https://cybersecurityventures.com/teamtnt-cryptocriminals-target-linux-servers-kubernetes/ | www.secnews.physaphae.fr/article.php?IdArticle=4182780 | False None Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2022-23652 | 2022-02-22T20:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23652 | www.secnews.physaphae.fr/article.php?IdArticle=4168561 | False Vulnerability Uber None
InformationSecurityBuzzNews - Security news site | Google Almost Doubles Linux Kernel, Kubernetes Zero-day Rewards | 2022-02-17T13:29:28+00:00 | https://informationsecuritybuzz.com/expert-comments/google-almost-doubles-linux-kernel-kubernetes-zero-day-rewards/ | www.secnews.physaphae.fr/article.php?IdArticle=4138668 | False None Uber None
IT Security Guru - Security blog | Google doubles bug bounties | 2022-02-16T11:36:03+00:00 | https://www.itsecurityguru.org/2022/02/16/google-doubles-bug-bounties/?utm_source=rss&utm_medium=rss&utm_campaign=google-doubles-bug-bounties | www.secnews.physaphae.fr/article.php?IdArticle=4138111 | False None Uber None
Anomali - Firm Blog | Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More | 2022-02-15T20:01:00+00:00 | https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more | www.secnews.physaphae.fr/article.php?IdArticle=4134740 | False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline APT 43,Uber,APT 36,APT-C-17 None
    Summary: [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]
    Trending Cyber News and Threat Intelligence
    What's With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022). A recent discovery has been made that links malicious VBA macro code between multiple groups, namely: Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough that it suggests cooperation between APT groups, despite having completely different goals/targets.
    Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel.
    MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566
    Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government
    Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022). Due to the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file which contains an excess of dead code; more than likely this is to increase the file size for bypassing any antivirus scan. RedLine is a well-known infostealer, capable of taking screenshots, using C2 communications, keylogging and more.
    Analyst Comment: Any official Windows update or installation files will be downloaded through the operating system directly. If offline updates are necessary, only go through Microsoft sites and subdomains. Never update Windows from a third-party site due to this type of attack.
    MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041
    Tags: RedLine, Windows 11, Infostealer
SecurityWeek - Security News | Google Offering $91,000 Rewards for Linux Kernel, GKE Zero-Days | 2022-02-15T19:09:27+00:00 | https://www.securityweek.com/google-offering-91000-rewards-linux-kernel-gke-zero-days | www.secnews.physaphae.fr/article.php?IdArticle=4135163 | False None Uber None
GoogleSec - Firm Security Blog | 🌹 Roses are red, Violets are blue 💙 Giving leets 🧑‍💻 more sweets 🍭 All of 2022! | 2022-02-14T12:07:20+00:00 | http://security.googleblog.com/2022/02/roses-are-red-violets-are-blue-giving.html | www.secnews.physaphae.fr/article.php?IdArticle=4593791 | False None Uber None
    Summary: expansion of kCTF VRP on November 1, 2021 in which we paid 31,337 to 50,337 USD to those that are able to compromise our kCTF cluster and obtain a flag. We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations. We consider the expansion to have been a success, and because of that we would like to extend it even further to at least until the end of the year (2022). During the last three months, we received 9 submissions and paid over 175,000 USD so far. The submissions included five 0days and two 1days. Three of these are already fixed and are public: CVE-2021-4154, CVE-2021-22600 (patch) and CVE-2022-0185 (writeup). These three bugs were first found by Syzkaller, and two of them had already been fixed on the mainline and stable versions of the Linux Kernel at the time they were reported to us. Based on our experience these last 3 months, we made a few improvements to the submission process:
    Reporting a 0day will not require including a flag at first. We heard some concerns from participants that exploiting a 0day in the shared cluster could leak it to other participants. As such, we will only ask for the exploit checksum (but you still have to exploit the bug and submit the flag within a week after the patch is merged on mainline). Please make sure that your exploit works on COS with minimal modifications (test it on your own kCTF cluster), as some common exploit primitives (like eBPF and userfaultfd) might not be available.
    Reporting a 1day will require including a link to the patch. We will automatically publish the patches of all submissions if the flag is valid. We also encourage you all to include a link to a Syzkaller dashboard report if applicable in order to help reduce duplicate submissions and so you can see which bugs were exploited already.
    You will be able to submit the exploit in the same form you submit the flag. If you had submitted an exploit checksum for a 0day, please make sure that you include the original exploit as well as the final exploit and make sure to submit it within a week after the patch is merged on mainline. The original exploit shouldn't require major modifications to work. Note that we need to be able to understand your exploit, so please add comments to explain what it is doing.
    We are now running two clusters, one on the REGULAR release channel and another one on the RAPID release channel. This should provide more flexibility whenever a vulnerability is only exploitable on modern versions of the Linux Kernel or Kubernetes.
    We are also changing the reward structure
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | SAP to Give Threat Briefing on Uber-Severe 'ICMAD' Bugs | 2022-02-10T16:39:04+00:00 | https://threatpost.com/sap-threat-briefing-severe-icmad-bugs/178344/ | www.secnews.physaphae.fr/article.php?IdArticle=4106031 | False Threat Uber None
Security Affairs - Security blog | Argo CD flaw could allow stealing sensitive data from Kubernetes Apps | 2022-02-06T13:49:13+00:00 | https://securityaffairs.co/wordpress/127708/hacking/kubernetes-argo-cd-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=kubernetes-argo-cd-flaw | www.secnews.physaphae.fr/article.php?IdArticle=4088680 | False Tool Uber None
01net. News - Security - French magazine | Hacking: how the original spirit was perverted and uberised by the tech giants | 2022-02-06T12:12:00+00:00 | https://www.01net.com/actualites/hacking-comment-l-esprit-des-origines-a-ete-perverti-et-uberise-par-les-geants-de-la-tech-2054127.html | www.secnews.physaphae.fr/article.php?IdArticle=4090512 | False None Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) | New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps | 2022-02-05T21:48:25+00:00 | https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html | www.secnews.physaphae.fr/article.php?IdArticle=4088212 | False Tool,Vulnerability Uber None
InfoSecurity Mag - InfoSecurity Magazine | Major Vulnerability Found in Argo CD | 2022-02-04T18:30:00+00:00 | https://www.infosecurity-magazine.com/news/major-vulnerability-found-in-argo/ | www.secnews.physaphae.fr/article.php?IdArticle=4082256 | False Vulnerability Uber None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers | 2022-02-04T18:26:07+00:00 | https://threatpost.com/argo-cd-security-bug-kubernetes-cloud-apps/178239/ | www.secnews.physaphae.fr/article.php?IdArticle=4082110 | False None Uber None
Bleeping Computer - American magazine | Argo CD vulnerability leaks sensitive info from Kubernetes apps | 2022-02-04T10:43:31+00:00 | https://www.bleepingcomputer.com/news/security/argo-cd-vulnerability-leaks-sensitive-info-from-kubernetes-apps/ | www.secnews.physaphae.fr/article.php?IdArticle=4081122 | False Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure | CVE-2020-8562 | 2022-02-01T11:15:10+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8562 | www.secnews.physaphae.fr/article.php?IdArticle=4065145 | False None Uber None
CrowdStrike - CTI Society | CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit | 2022-01-31T23:11:00+00:00 | https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exploit/ | www.secnews.physaphae.fr/article.php?IdArticle=4062062 | False None Uber None
Krebs on Security - American researcher | Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams | 2022-01-29T18:05:52+00:00 | https://krebsonsecurity.com/2022/01/fake-investor-john-bernard-sinks-norwegian-green-shipping-dreams/ | www.secnews.physaphae.fr/article.php?IdArticle=4051800 | False None Uber,Uber None
CVE List - Common Vulnerability Exposure: CVE-2022-0270 2022-01-25T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0270 www.secnews.physaphae.fr/article.php?IdArticle=4032398 False None Uber None
Bleeping Computer - American magazine: Linux kernel bug can let hackers escape Kubernetes containers 2022-01-25T11:56:28+00:00 https://www.bleepingcomputer.com/news/security/linux-kernel-bug-can-let-hackers-escape-kubernetes-containers/ www.secnews.physaphae.fr/article.php?IdArticle=4031336 False Vulnerability Uber None
Graham Cluley - Blog Security: Smashing Security podcast #258: Tesla remote hijacks and revolting YouTubers 2022-01-20T12:07:15+00:00 https://grahamcluley.com/smashing-security-podcast-258/ www.secnews.physaphae.fr/article.php?IdArticle=4002945 False None Uber None
CVE List - Common Vulnerability Exposure: CVE-2022-21701 2022-01-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21701 www.secnews.physaphae.fr/article.php?IdArticle=4000019 False Vulnerability Uber None
Marco Ramilli - Blog: Building your Kubernetes Cluster For Cybersecurity Prototyping 2022-01-18T07:10:35+00:00 https://marcoramilli.com/2022/01/18/building-your-kubernets-cluster-for-cybersecurity-prototyping/ www.secnews.physaphae.fr/article.php?IdArticle=3984935 False None Uber None
Ars Technica - Risk Assessment Security Hacktivism: You can no longer call an Uber with your Apple Watch 2022-01-11T17:57:10+00:00 https://arstechnica.com/?p=1824991 www.secnews.physaphae.fr/article.php?IdArticle=3947864 False None Uber,Uber None
CyberArk - Software Vendor: 3 Kubernetes Risks and What to Do About Them 2022-01-11T17:00:50+00:00 https://www.cyberark.com/blog/3-kubernetes-risks-and-what-to-do-about-them/ www.secnews.physaphae.fr/article.php?IdArticle=4593629 False None Uber 4.0000000000000000
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor: Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails 2022-01-05T20:49:37+00:00 https://threatpost.com/uber-bug-ignored-emails/177395/ www.secnews.physaphae.fr/article.php?IdArticle=3928820 False None Uber,Uber None
UnderNews - French "pirate" news site: Uber's messaging system affected by a critical flaw? 2022-01-05T17:29:59+00:00 https://www.undernews.fr/alertes-securite/le-systeme-de-messagerie-duber-affecte-par-une-faille-critique.html www.secnews.physaphae.fr/article.php?IdArticle=3927947 False None Uber,Uber None
IT Security Guru - Security blog: Vulnerability lets anyone send emails from Uber.com 2022-01-04T13:44:32+00:00 https://www.itsecurityguru.org/2022/01/04/vulnerability-lets-anyone-send-emails-from-uber-com/?utm_source=rss&utm_medium=rss&utm_campaign=vulnerability-lets-anyone-send-emails-from-uber-com www.secnews.physaphae.fr/article.php?IdArticle=3922997 False Vulnerability,Threat Uber,Uber None
Bleeping Computer - American magazine: Uber dismisses vulnerability that lets you email anyone as Uber! 2022-01-02T09:48:35+00:00 https://www.bleepingcomputer.com/news/security/uber-dismisses-vulnerability-that-lets-you-email-anyone-as-uber/ www.secnews.physaphae.fr/article.php?IdArticle=3916751 False Vulnerability Uber,Uber None
Bleeping Computer - American magazine: Uber ignores vulnerability that lets you send any email from Uber.com 2022-01-02T09:48:35+00:00 https://www.bleepingcomputer.com/news/security/uber-ignores-vulnerability-that-lets-you-send-any-email-from-ubercom/ www.secnews.physaphae.fr/article.php?IdArticle=3916965 True Vulnerability Uber,Uber None
CVE List - Common Vulnerability Exposure: CVE-2021-43858 2021-12-27T22:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43858 www.secnews.physaphae.fr/article.php?IdArticle=3894436 False None Uber None
InfoSecurity Mag - InfoSecurity Magazine: Former Uber CSO Faces New Charge for 2016 Breach 2021-12-24T10:25:00+00:00 https://www.infosecurity-magazine.com/news/former-uber-cso-faces-new-charge/ www.secnews.physaphae.fr/article.php?IdArticle=3868975 False Hack Uber,Uber None
InfoSecurity Mag - InfoSecurity Magazine: Neuberger: Change Your Passwords Now 2021-12-17T21:13:00+00:00 https://www.infosecurity-magazine.com/news/neuberger-change-your-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=3819263 False None Uber None
TechRepublic - Security News US: Expert: Businesses are feeling the pressure to implement real-time analytics to keep up 2021-12-08T21:50:52+00:00 https://www.techrepublic.com/article/expert-businesses-are-feeling-the-pressure-to-implement-real-time-analytics-to-keep-up/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3764986 False None Uber,Uber None
Cisco - Security Firm Blog: Snort 3 Anywhere 2021-12-02T19:46:16+00:00 https://blogs.cisco.com/security/snort-3-anywhere www.secnews.physaphae.fr/article.php?IdArticle=3738710 False None Uber None
GoogleSec - Firm Security Blog: Exploring Container Security: A Storage Vulnerability Deep Dive

high severity vulnerability that allowed workloads to have access to parts of the host filesystem outside the mounted volumes' boundaries. Although the vulnerability was patched back in September, we thought it would be beneficial to write up a more in-depth analysis of the issue to share with the community.

We assessed the impact of the vulnerability as described in vulnerability management in open-source Kubernetes and worked closely with the GKE Storage team and the Kubernetes Security Response Committee to find a fix. In this post we'll give some background on how the subpath storage system works, an overview of the vulnerability, the steps to find the root cause and the fix, and finally some recommendations for GKE and Anthos users.

Kubernetes Filesystems: Intro to Volume Subpath

The vulnerability, CVE-2021-25741, was caused by a race condition during the creation of a subpath bind mount inside a container, and allowed an attacker to gain unauthorized access to the underlying node filesystem and its sensitive files. We'll describe how that system is supposed to work, and then talk about the vulnerability.

The volume subpath feature in Kubernetes enables sharing a volume in multiple containers inside a pod. For example, we could create a Pod with an InitContainer that creates directories with pre-populated data in a mounted filesystem volume. These directories can then be used by containers in the same Pod by mounting the same volume and optionally specifying a subpath field to limit what's visible inside the container.

While there are some great use cases for this feature, it's an area that has had vulnerabilities discovered in the past. The kubelet must be extra cautious when handling user-owned subpaths because it operates with privileges in the host. One vulnerability that has been previously discovered involved the creation of a malicious workload where an InitContainer would create a symlink pointing to any location in the host. For example, the InitContainer could mount a volume in /mnt and create a symlink /mnt/attack inside the container pointing to /etc. Later in the Pod lifecycle, another container would attempt to mount the same volume with subpath attack. While preparing the volumes for the container, the kubelet would end up following the symlink to the host's /etc instead of the container's /etc, unknowingly exposing the host filesystem to the container.

A previous fix made sure that the subpath mount location is resolved and validated to point to a location inside the base volume, and that it's not changeable by the user between the time the path was validated and the time the container runtime bind mounts it. This race condition is known as time of check to time of use (TOCTOU): the subject being validated changes after it has been validated.

These validations and others are summarized in the following container lifecycle sequence diagram.

2021-12-02T15:00:00+00:00 http://security.googleblog.com/2021/12/exploring-container-security-storage.html www.secnews.physaphae.fr/article.php?IdArticle=4593798 False Vulnerability Uber None
TechRepublic - Security News US: Serverless offerings like AWS Lambda haven't hit the big time, but Kubernetes can help 2021-11-26T12:14:27+00:00 https://www.techrepublic.com/article/serverless-offerings-like-aws-lambda-havent-hit-the-big-time-but-kubernetes-can-help/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3710789 False None Uber None
TechRepublic - Security News US: Enterprises get closer to the app store experience with Kubernetes and GitOps 2021-11-19T19:01:09+00:00 https://www.techrepublic.com/article/enterprises-get-closer-to-the-app-store-experience-with-kubernetes-and-gitops/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3682343 False None Uber None
TechRepublic - Security News US: Master Kubernetes, React, AWS and more valuable cloud skills with this training 2021-11-18T20:41:57+00:00
https://www.techrepublic.com/article/master-kubernetes-react-aws-and-more-valuable-cloud-skills-with-this-training/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3676328 False None Uber None
CVE List - Common Vulnerability Exposure: CVE-2021-43979 2021-11-17T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43979 www.secnews.physaphae.fr/article.php?IdArticle=3672246 False None Uber None
CVE List - Common Vulnerability Exposure: CVE-2021-41266 2021-11-15T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41266 www.secnews.physaphae.fr/article.php?IdArticle=3670034 False None Uber None
CVE List - Common Vulnerability Exposure: CVE-2021-41254 2021-11-12T18:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41254 www.secnews.physaphae.fr/article.php?IdArticle=3651470 False Vulnerability Uber None
GoogleSec - Firm Security Blog: ClusterFuzzLite: Continuous fuzzing for all

continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. NIST's guidelines for software verification, recently released in response to the White House Executive Order on Improving the Nation's Cybersecurity, specify fuzzing among the minimum standard requirements for code verification.

Today, we are excited to announce ClusterFuzzLite, a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed, enhancing the overall security of the software supply chain.

Since its release in 2016, over 500 critical open source projects have integrated into Google's OSS-Fuzz program, resulting in over 6,500 vulnerabilities and 21,000 functional bugs being fixed. ClusterFuzzLite goes hand-in-hand with OSS-Fuzz, by catching regression bugs much earlier in the development process.

Large projects including systemd and curl are already using ClusterFuzzLite during code review, with positive results. According to Daniel Stenberg, author of curl, “When the human reviewers nod and have approved the code and your static code analyzers and linters can't detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit.”

With the release of ClusterFuzzLite, any project can integrate this essential testing standard and benefit from fuzzing. ClusterFuzzLite offers many of the same features as ClusterFuzz, such as continuous fuzzing, sanitizer support, corpus management, and coverage report generation. Most importantly, it's easy to set up and works with closed source projects, making ClusterFuzzLite a convenient option for any developer who wants to fuzz their software.

2021-11-11T13:13:06+00:00 http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html www.secnews.physaphae.fr/article.php?IdArticle=4593799 False None Uber None
GoogleSec - Firm Security Blog: Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes

Kubernetes in the cloud-depend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses. But we know that there is more work to do. That's why we have decided to build on top of our kCTF VRP from last year and triple our previous reward amounts (for at least the next 3 months).

Our base reward for each publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), but the reward can go up to 50,337 USD in two cases:
- If the vulnerability was otherwise unpatched in the Kernel (0day)
- If the exploit uses a new attack or technique, as determined by Google

We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities. It is important to note that the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-Optimized OS. Note this program complements Android's VRP rewards, so exploits that work on Android could also be eligible for up to 250,000 USD (that's in addition to this program).

The mechanics are:
1. Connect to the kCTF VRP cluster, obtain root and read the flag (read this writeup for how it was done before, and this threat model for inspiration), and then submit your flag and a checksum of your exploit in this form.
2. (If applicable) report vulnerabilities to upstream. We strongly recommend including a patch since that could qualify for an additional reward from our Patch Reward Program, but please report vulnerabilities upstream promptly once you confirm they are exploitable.
3. Report your finding to Google VRP once all patches are publicly available (we don't want to receive details of unpatched vulnerabilities ahead of the public).
4. Provide the exploit code and the algorithm used to calculate the hash checksum. A rough description of the exploit strategy is welcome.

Reports will be triaged on a weekly basis. If anyone has problems with the lab environment (if it's unavailable, technical issues or other questions), contact us on Discord in #kctf. You can read more details about the program here.

Happy hunting!

2021-11-01T12:41:31+00:00 http://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html www.secnews.physaphae.fr/article.php?IdArticle=4593800 False None Uber None
TechRepublic - Security News US: Java, microservices, Docker and Kubernetes: Learn to use them to create an efficient enterprise 2021-11-01T10:02:01+00:00 https://www.techrepublic.com/article/java-microservices-docker-and-kubernetes-learn-to-use-them-to-create-an-efficient-enterprise/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3591469 False None Uber None
Bleeping Computer - American magazine: Google: YouTubers' accounts hijacked with cookie-stealing malware 2021-10-20T11:49:39+00:00 https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/ www.secnews.physaphae.fr/article.php?IdArticle=3537865 False Malware Uber None