www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T19:32:42+00:00 www.secnews.physaphae.fr GoogleSec - Firm Security Blog Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike. Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with broad support for formats and ecosystems. What's new: Enhanced Dependency Extraction with OSV-SCALIBR. This release represents the first major integration of OSV-SCALIBR features into OSV-Scanner, which is now the official command-line code and container scanning tool for the OSV-SCALIBR library. 
This integration also expanded our support for the kinds of dependencies we can extract from projects and containers: Source manifests and lo]]> 2025-03-17T12:47:25+00:00 http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8656281 False Tool,Vulnerability Uber 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Your Single-Page Applications Are Vulnerable: Here's How to Fix Them Executive Summary: Due to their client-side nature, single-page applications (SPAs) will typically have multiple access control vulnerabilities. By implementing a robust access control policy on supporting APIs, the risks associated with client-side rendering can be largely mitigated. Using server-side rendering within the SPA can prevent unauthorized users from modifying or even viewing pages and data that they are not authorized to see. Introduction: Single-page applications (SPAs) are popular due to their dynamic and user-friendly interfaces, but they can also introduce security risks. The client-side rendering frequently implemented in SPAs can make them vulnerable to unauthorized access and data manipulation. This blog post will explore the vulnerabilities inherent in SPAs, including routing manipulation, hidden element exposure, and JavaScript debugging, as well as provide recommendations on how to mitigate these risks. Single-Page Applications: A SPA is a web application design framework in which the application returns a single document whose content is hidden, displayed, or otherwise modified by JavaScript. This differs from the flat file application framework traditionally implemented in PHP or strictly HTML sites and from the Model-View-Controller (MVC) architecture where data, views, and server controls are handled by different portions of the application. Dynamic data in SPAs is updated through API calls, eliminating the need for page refreshes or navigation to different URLs. 
This approach makes SPAs feel more like native applications, offering a seamless user experience. JavaScript frameworks that are commonly used to implement SPAs include React, Angular, and Vue. Client-Side Rendering: In SPAs that use client-side rendering, a server responds to a request with an HTML document that contains only CSS, metadata, and JavaScript. The initially returned HTML document does not contain any content, and instead once the JavaScript files have been run in the browser, the application's frontend user interface (UI) and content is loaded into the HTML document at runtime. If the application is designed to use routing, JavaScript takes the URL and attempts to generate the page that the user requested. While this is happening, the application is making requests to the API endpoint to load data and check whether or not the current user is authorized to access the data. If a user is not yet authenticated, then the application will render a login page or redirect the user to a separate single sign-on (SSO) application for authentication. While all of this happens, a user may briefly observe a blank white page before the application dashboard or login page is loaded into their browser. During this pause, the application is potentially loading hundreds of thousands of lines of minified JavaScript that will build the full user experience of the application. SPAs are used in millions of applications across the globe, including Netflix, Hulu, Uber, and DoorDash. 
Issues with Client-Side Rendering ]]> 2025-01-15T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/single-page-applications-vulnerable/ www.secnews.physaphae.fr/article.php?IdArticle=8637738 False Tool,Vulnerability Uber 2.0000000000000000 ProofPoint - Cyber Firms 8 Essential Cybersecurity Topics to Include in Your Training Program 2023-11-27T09:26:51+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/cybersecurity-topics-to-include-in-your-program www.secnews.physaphae.fr/article.php?IdArticle=8417272 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud Uber,Uber 2.0000000000000000 Dark Reading - Informationweek Branch Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM 2023-11-06T19:59:00+00:00 https://www.darkreading.com/cloud/aqua-security-introduces-industry-first-kubernetes-vulnerability-scanning-with-trivy-kbom www.secnews.physaphae.fr/article.php?IdArticle=8406780 False Vulnerability Uber 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-46254 capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. 
The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254 www.secnews.physaphae.fr/article.php?IdArticle=8406849 False Vulnerability Uber None The State of Security - Magazine Américain Container Security Essentials: Vulnerability Scanning and Change Detection Explained Containers offer a streamlined application deployment and management approach. Thanks to their efficiency and portability, platforms like Docker and Kubernetes have become household names in the tech industry. However, a misconception lurks in the shadows as containers gain popularity - the belief that active vulnerability scanning becomes redundant once containers are implemented. This blog will shed light on this myth and explore the importance of vulnerability management and change detection in containerized environments. Containers: The Basics Before diving into container security, let's...]]> 2023-11-02T03:48:30+00:00 https://www.tripwire.com/state-of-security/container-security-essentials-vulnerability-scanning-and-change-detection www.secnews.physaphae.fr/article.php?IdArticle=8404581 False Vulnerability Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (]]> 2023-10-30T12:16:00+00:00 https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8402689 False Vulnerability,Threat Uber 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-46194 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46194 www.secnews.physaphae.fr/article.php?IdArticle=8401377 False Vulnerability Uber None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Ensuring robust security of a containerized environment CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing vital functionalities such as load balancing, fault tolerance, centralized management, and seamless system scaling. Orchestration can be realized through diverse approaches, including cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems prioritizing user-friendliness. The container threat landscape According to recent findings of Sysdig, a company specializing in cloud security, a whopping 87% of container images have high-impact or critical vulnerabilities. While 85% of these flaws have a fix available, they can’t be exploited because the hosting containers aren’t in use. 
That said, many organizations run into difficulties prioritizing the patches. Rather than harden the protections of the 15% of entities exposed at runtime, security teams waste their time and resources on loopholes that pose no risk. One way or another, addressing these vulnerabilities requires the fortification of the underlying infrastructure. Apart from configuring orchestration systems properly, it’s crucial to establish a well-thought-out set of access permissions for Docker nodes or Kubernetes. Additionally, the security of containers hinges on the integrity of the images used for their construction. Guarding containers throughout the product life cycle A container's journey encompasses three principal stages. The initial phase involves constructing the container and subjecting it to comprehensive functional and load tests. Subsequently, the container is stored in the image registry, awaiting its moment of execution. The third stage, container runtime, occurs when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle plays a role. It encourages an intensified focus on security from the nascent stages of the product life cycle, encompassing the design and requirements gathering phases. By incorporating automated security checks within the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap]]> 2023-10-26T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ensuring-robust-security-of-a-containerized-environment www.secnews.physaphae.fr/article.php?IdArticle=8400754 False Tool,Vulnerability,Threat,Cloud Uber 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Former Uber CISO Appealing His Conviction
Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have informed the FTC of the 2016 incident, but instead went out of his way to conceal it from them. Prosecutors also accused Sullivan of attempting to conceal the breach itself by paying $100,000 to buy the silence of the two hackers behind the compromise. Sullivan had characterized the payment as a bug bounty similar to ones that other companies routinely make to researchers who report vulnerabilities and other security issues to them. His lawyers pointed out that Sullivan had made the payment with the full knowledge and blessing of Travis Kalanick, Uber’s CEO at the time, and other members of the ride-sharing giant’s legal team...]]>
2023-10-19T11:08:36+00:00 https://www.schneier.com/blog/archives/2023/10/former-uber-ciso-appealing-his-conviction.html www.secnews.physaphae.fr/article.php?IdArticle=8397666 False Vulnerability Uber 2.0000000000000000
Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-030 2023-10-10T17:37:33+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-030 www.secnews.physaphae.fr/article.php?IdArticle=8393870 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-40026 Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. Users still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation.]]> 2023-09-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40026 www.secnews.physaphae.fr/article.php?IdArticle=8388823 False Vulnerability Uber None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August]]> 2023-09-13T19:35:00+00:00 https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8382342 False Vulnerability Uber 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-41423 Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.]]> 2023-09-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41423 www.secnews.physaphae.fr/article.php?IdArticle=8382088 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability]]> 2023-09-12T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29332 www.secnews.physaphae.fr/article.php?IdArticle=8381923 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-40584 Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. 
As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.]]> 2023-09-07T23:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40584 www.secnews.physaphae.fr/article.php?IdArticle=8380259 False Vulnerability Uber None Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-026 Published: 2023-09-06. Description: Three vulnerabilities (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) have been discovered in Kubernetes where a user that can create Pods on Windows nodes may be able to escalate to admin privileges on those nodes. These vulnerabilities affect the Windows versions of Kubelet and the Kubernetes CSI proxy. For instructions and more details, see the following bulletins: GKE security bulletin, Anthos clusters on VMware security bulletin, Anthos clusters on AWS security bulletin, Anthos on Azure security bulletin, Anthos on bare metal security bulletin. Severity: High. Notes: CVE-2023-3676, CVE-2023-3955, CVE-2023-3893 ]]>
2023-09-06T17:35:09+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-026 www.secnews.physaphae.fr/article.php?IdArticle=8379787 False Vulnerability Uber 2.0000000000000000
CVE Liste - Common Vulnerability Exposure CVE-2023-40025 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.]]> 2023-08-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40025 www.secnews.physaphae.fr/article.php?IdArticle=8373842 False Tool,Vulnerability Uber None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Why is API security the next big thing in Cybersecurity? The State of API Security Q1 Report 2023 survey finding concluded that the attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service attacks (DDoS), and malware attacks. API security has emerged as a significant business issue as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also, 50% of data theft incidents will happen due to insecure APIs. As a result, API security has become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually. Why does API security still pose a threat in 2023? 
Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expanded the attack surface and emerged as an attractive target for hackers. The issue is that the APIs are not always designed by keeping security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data. API sprawl]]> 2023-08-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-is-api-security-the-next-big-thing-in-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8370101 False Malware,Tool,Vulnerability,Threat,Cloud Uber 3.0000000000000000 Recorded Future - FLux Recorded Future Vulnerabilities could expose Ubuntu users to privilege escalation attacks
Researchers have discovered two vulnerabilities in the Linux operating system Ubuntu with the potential to grant attackers escalated privileges. The two bugs impact OverlayFS, a widely installed Linux filesystem used for containerization on cloud servers with technologies like Docker and Kubernetes. After being notified of the vulnerabilities by researchers with the cloud security firm Wiz]]>
2023-07-27T17:05:00+00:00 https://therecord.media/ubuntu-linux-overlayfs-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8362345 False Vulnerability,Cloud Uber 2.0000000000000000
CVE Liste - Common Vulnerability Exposure CVE-2023-36375 Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.]]> 2023-07-10T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36375 www.secnews.physaphae.fr/article.php?IdArticle=8354181 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-36376 Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.]]> 2023-07-10T16:15:53+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36376 www.secnews.physaphae.fr/article.php?IdArticle=8354182 False Vulnerability Uber None Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-018 2023-06-27T14:55:00+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-018 www.secnews.physaphae.fr/article.php?IdArticle=8349769 True Vulnerability Uber 2.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2023-017 2023-06-26T18:49:48+00:00 https://cloud.google.com/support/bulletins/index#gcp-2023-017 www.secnews.physaphae.fr/article.php?IdArticle=8349433 False Vulnerability Uber 2.0000000000000000 GoogleSec - Firm Security Blog Google Cloud Awards $313,337 in 2022 VRP Prizes Google Cloud products, which in turn helps improve security for our users, customers, and the Internet at large. We first announced the Google Cloud VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud and to incentivize sharing knowledge on Cloud vulnerability research with the world. 
This year, we were excited to see an increase in collaboration between researchers, which often led to more detailed and complex vulnerability reports. After careful evaluation of the submissions, today we are excited to announce the winners of the 2022 Google Cloud VRP Prize. 2022 Google Cloud VRP Prize Winners: 1st Prize - $133,337: Yuval Avrahami for the report and write-up Privilege escalations in GKE Autopilot. Yuval's excellent write-up describes several attack paths that would allow an attacker with permission to create pods in an Autopilot cluster to escalate privileges and compromise the underlying node VMs. While thes]]> 2023-06-22T12:05:42+00:00 http://security.googleblog.com/2023/06/google-cloud-awards-313337-in-2022-vrp.html www.secnews.physaphae.fr/article.php?IdArticle=8348159 False Vulnerability,Cloud Uber 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-34242 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. 
As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC.]]> 2023-06-15T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34242 www.secnews.physaphae.fr/article.php?IdArticle=8345959 False Vulnerability Uber None GoogleSec - Firm Security Blog Learnings from kCTF VRP's 42 Linux kernel exploits submissions 2020, we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evaluating the security of Google Kubernetes Engine (GKE) and the underlying Linux kernel. As the Linux kernel is a key component not just for Google, but for the Internet, we started heavily investing in this area. We extended the VRP's scope and maximum reward in 2021 (to $50k), then again in February 2022 (to $91k), and finally in August 2022 (to $133k). In 2022, we also summarized our learnings to date in our cookbook, and introduced our experimental mitigations for the most common exploitation techniques. In this post, we'd like to share our learnings and statistics about the latest Linux kernel exploit submissions, how effective our ]]> 2023-06-14T11:59:49+00:00 http://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8345378 False Vulnerability Uber 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks CyberheistNews Vol 13 #24 | June 13th, 2023 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. 
As we will cover a bit below, Verizon reported that 74% of data breaches involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let's drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor's bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. 
This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn't all doom and ]]> 2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching Uber,APT 37,ChatGPT,ChatGPT,APT 43 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-22647 = 2,6.0 avant = 2,7.0 avant = 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.]]> 2023-06-01T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22647 www.secnews.physaphae.fr/article.php?IdArticle=8341230 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-25448 2023-05-22T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25448 www.secnews.physaphae.fr/article.php?IdArticle=8338469 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22651 Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. 
Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.]]> 2023-05-04T08:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22651 www.secnews.physaphae.fr/article.php?IdArticle=8333412 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-25490 2023-04-25T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25490 www.secnews.physaphae.fr/article.php?IdArticle=8330944 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-27595 2023-03-17T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27595 www.secnews.physaphae.fr/article.php?IdArticle=8319533 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-28110 2023-03-16T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28110 www.secnews.physaphae.fr/article.php?IdArticle=8319217 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-27483 2023-03-09T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27483 www.secnews.physaphae.fr/article.php?IdArticle=8317106 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-1065 2023-02-28T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1065 www.secnews.physaphae.fr/article.php?IdArticle=8314395 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-23947 2023-02-16T18:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23947 www.secnews.physaphae.fr/article.php?IdArticle=8310941 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-25163 2023-02-08T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25163 www.secnews.physaphae.fr/article.php?IdArticle=8308422 False Spam,Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22736 2023-01-26T21:18:13+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22736 www.secnews.physaphae.fr/article.php?IdArticle=8304612 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22482 2023-01-26T21:18:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22482 www.secnews.physaphae.fr/article.php?IdArticle=8304606 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22480 2023-01-14T01:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22480 www.secnews.physaphae.fr/article.php?IdArticle=8301074 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-3841 2023-01-13T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3841 www.secnews.physaphae.fr/article.php?IdArticle=8300864 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-23509 = v0.12.0 released on 08/12/2022.]]> 2023-01-09T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23509 www.secnews.physaphae.fr/article.php?IdArticle=8299267 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-23508 = v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. 
### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)]]> 2023-01-09T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23508 www.secnews.physaphae.fr/article.php?IdArticle=8299266 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-47633 2022-12-23T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47633 www.secnews.physaphae.fr/article.php?IdArticle=8294391 False Vulnerability Uber None Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-012 GKE Sandbox are unaffected.
A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later) Anthos clusters on VMware v1.10 for Container-Optimized OS images Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu Managed clusters of Anthos on Azure v1.21 which use Ubuntu For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-0847 ]]>
2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-012 www.secnews.physaphae.fr/article.php?IdArticle=8296090 True Vulnerability Uber 3.0000000000000000
Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-021 A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-3176 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-021 www.secnews.physaphae.fr/article.php?IdArticle=8296081 True Vulnerability,Guideline Uber 3.0000000000000000 Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-017 GKE Sandbox are not affected by these vulnerabilities.
2022-07-21 Update: additional information on Anthos clusters on VMware.
A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1786 ]]>
2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-017 www.secnews.physaphae.fr/article.php?IdArticle=8296085 True Vulnerability Uber 3.0000000000000000
Vuln GCP - FLux Vuln GoogleCloudPlatform GCP-2022-013 GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin Medium CVE-2022-23648 ]]> 2022-12-21T17:12:56+00:00 https://cloud.google.com/support/bulletins/index#gcp-2022-013 www.secnews.physaphae.fr/article.php?IdArticle=8296089 False Vulnerability Uber 3.0000000000000000 GoogleSec - Firm Security Blog Announcing GUAC, a great pairing with SLSA (and SBOM)! rise in software supply chain attacks, a Log4j vulnerability of catastrophic severity and breadth, and even an Executive Order on Cybersecurity. It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip). GUAC, or Graph for Understanding Artifact Composition, is in the early stages yet is poised to change how the industry understands software supply chains. GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata. True to Google's mission to organize and make the world's information universally accessible and useful, GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding. Thanks to community collaboration in groups such as OpenSSF, SLSA, SPDX, CycloneDX, and others, organizations increasingly have ready access to: Software Bills of Materials (SBOMs) (with SPDX-SBOM-Generator, Syft, kubernetes bom tool) signed attestations about how software was built (e.g. SLSA with SLSA3 Github Actions Builder, Google Cloud Build) vulnerability databases that aggregate information across ecosystems and make vulnerabilities more discoverable and actionable (e.g. OSV.dev, Global Security Database (GSD)). 
These data are useful on their own, but it's difficult to combine and synthesize the information for a more comprehensive view. The documents are scattered across different databases and producers, are attached to different ecosystem entities, and cannot be easily aggregated to answer higher-level questions about an organization's software assets. To help address this issue we've teamed up with Kusari, Purdue University, and Citi to create GUAC, a free tool to bring together many different sources of software security metadata. We're excited to share the project's proof of concept, which lets you query a small dataset of software metadata including SLSA provenance, SBOMs, and OpenSSF Scorecards. What is GUAC Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database-normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance. Conceptually, GUAC occupies the “aggregation and synthesis” layer of the software supply chain transparency logical model: ]]> 2022-10-20T13:01:02+00:00 http://security.googleblog.com/2022/10/announcing-guac-great-pairing-with-slsa.html www.secnews.physaphae.fr/article.php?IdArticle=7739960 False Tool,Vulnerability Uber None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC The biggest concerns within the US Financial Sector in 2022 Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue. According to VMware's Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. 
While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly. Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024. What are the biggest concerns facing the financial sector in the United States for 2022? Reimbursing cyber scams As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack. Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%. Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly. To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks' responsibility to establish security models that will give them and their clients the greatest level of safety. 
Maintain compliance with strict privacy regulations The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle.   Banks must decide how to manage sensitive personal data like biometrics as ]]> 2022-10-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-biggest-concerns-within-the-us-financial-sector-in-2022 www.secnews.physaphae.fr/article.php?IdArticle=7431394 False Ransomware,Malware,Vulnerability,Threat,Guideline Uber None CISCO Talos - Cisco Research blog Microsoft Patch Tuesday for October 2022 - Snort rules and prominent vulnerabilities By Jon Munshaw and Vanja Svajcer.Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company's hardware and software line, including seven critical issues in Windows' point-to-point tunneling protocol. October's security update features 11 critical vulnerabilities, with the remainder being “important.”  One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month's Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.  CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month - a maximum 10 out of 10. 
Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.  The Windows' point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity: CVE-2022-22035CVE-2022-24504 CVE-2022-30198 CVE-2022-33634 CVE-2022-38000 CVE-2022-38047 CVE-2022-41081 CVE-2022-38000 is the most serious among the group wit]]> 2022-10-11T14:11:23+00:00 http://blog.talosintelligence.com/2022/10/microsoft-patch-tuesday-for-october.html www.secnews.physaphae.fr/article.php?IdArticle=7396114 False Vulnerability Uber None Anomali - Firm Blog Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022) On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts point to the attacker getting access to fresh keylogger logs affecting two Uber employees from Indonesia and Brazil that have been infected with Racoon and Vidar stealers. 
The attacker allegedly used compromised VPN account credentials and performed a multifactor authentication fatigue attack by requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games’ Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker. Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges. MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022) Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. This campaign utilizes a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware, which enables spreading the malicious archive by publishing promotional videos on victim’s YouTube channel. These videos target gamers with promises of “cheats” and “cracks.” Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for your gaming and banking activities. 
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496 Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub]]> 2022-09-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-uber-and-gta-6-were-breached-redline-bundle-file-advertises-itself-on-youtube-supply-chain-attack-via-ecommerce-fishpig-extensions-and-more www.secnews.physaphae.fr/article.php?IdArticle=7016803 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,Uber,APT 41,APT 15 None Security Affairs - Blog Secu Uber hacked, internal systems and confidential documents were allegedly compromised Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. 
According to the New York Times, the threat actors hacked an employee’s Slack account and […] ]]> 2022-09-16T07:22:27+00:00 https://securityaffairs.co/wordpress/135811/data-breach/uber-hacked-systems-allegedly-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=6924934 False Vulnerability,Threat Uber,Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-36103 2022-09-13T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36103 www.secnews.physaphae.fr/article.php?IdArticle=6872795 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-36049 2022-09-07T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36049 www.secnews.physaphae.fr/article.php?IdArticle=6774470 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2021-36782 2022-09-07T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36782 www.secnews.physaphae.fr/article.php?IdArticle=6765502 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-2238 2022-09-01T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2238 www.secnews.physaphae.fr/article.php?IdArticle=6672364 False Vulnerability,Guideline Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-36035 2022-08-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36035 www.secnews.physaphae.fr/article.php?IdArticle=6648917 False Tool,Vulnerability Uber None ProjectZero - Blog de recherche Google A walk through Project Zero metrics 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. 
We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general. Overview For nearly ten years, Google’s Project Zero has been working to make it more difficult for bad actors to find and exploit security vulnerabilities, significantly improving the security of the Internet for everyone. In that time, we have partnered with folks across industry to transform the way organizations prioritize and approach fixing security vulnerabilities and updating people’s software. To help contextualize the shifts we are seeing the ecosystem make, we looked back at the set of vulnerabilities Project Zero has been reporting, how a range of vendors have been responding to them, and then attempted to identify trends in this data, such as how the industry as a whole is patching vulnerabilities faster. For this post, we look at fixed bugs that were reported between January 2019 and December 2021 (2019 is the year we made changes to our disclosure policies and also began recording more detailed metrics on our reported bugs). The data we'll be referencing is publicly available on the Project Zero Bug Tracker, and on various open source project repositories (in the case of the data used below to track the timeline of open-source browser bugs). There are a number of caveats with our data, the largest being that we'll be looking at a small number of samples, so differences in numbers may or may not be statistically significant. 
Also, the direction of Project Zero's research is almost entirely influenced by the choices of individual researchers, so changes in our researc]]> 2022-08-23T11:50:56+00:00 https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html www.secnews.physaphae.fr/article.php?IdArticle=8221936 False Vulnerability,Patching Uber 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-35976 2022-08-18T19:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35976 www.secnews.physaphae.fr/article.php?IdArticle=6399396 False Vulnerability,Guideline Uber None SecurityWeek - Security News Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities 2022-08-15T11:48:00+00:00 https://www.securityweek.com/google-boosts-bug-bounty-rewards-linux-kernel-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=6341289 False Vulnerability Uber None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Are cloud containers a sugar-coated threat? DevOps teams develop applications and deploy services using them. Moreover, organizations also use these containers to deploy and scale the DevOps infrastructure like the CI/CD tools. A report reveals that by 2022, organizations are likely to run 24% of their workload on containers. However, despite the benefits containers offer, it doesn’t mean they are completely secure. A study revealed that 87% of organizations had deployed containers in their production, while it's found that 94% had experienced at least one security incident. Another research finds that 45% of organizations have delayed or slowed down their application deployment process because of container security issues. All these issues can cause organizations to slow down their transformation journey and bear financial and reputational loss. To avoid such circumstances, organizations need to be aware of cloud container threats and learn how to minimize risks. 
Why are cloud containers becoming a growing threat? Containerization is a fast-moving trend that plays a pivotal role in improving agility and boosting innovation and is necessary for application development. The adoption of containers has soared in recent years and will continue to rise - and why not, as it transforms how an organization deploys IT infrastructure. Gartner predicts that by 2023, 70% of organizations will use containerized applications. In a survey, the Cloud-Native Computing Foundation (CFNC) finds that 96% of enterprises have evaluated or actively use Kubernetes. Besides this, 68% of the IT leaders in the Red Hat State of Enterprise Open Source Report for 2022 say that container technology is on the level of other important technologies, like Artificial Intelligence and Machine Learning. Container adoption comes with great advantages, but can also pose cybersecurity threats and challenges that adversely impact organizations. Enterprises who depend on container technology but fail to identify the security vulnerabilities and implement mitigation measures compromise their sensitive business data, including customer data. The situation becomes even more dire since most of these threats can’t be mitigated through endpoint security tools such as proxies or VPNs.  Here are some of the reasons cloud containers are becoming a threat to organizations: Human error Hackers can compromise container technology in the cloud in several ways. ]]> 2022-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/are-cloud-containers-a-sugar-coated-threat www.secnews.physaphae.fr/article.php?IdArticle=6227177 False Malware,Vulnerability,Threat,Guideline Uber None NoticeBored - Experienced IT Security professional CISO workshop slides glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. 
The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):]]> 2022-08-06T10:46:21+00:00 http://blog.noticebored.com/2022/08/a-glossy-nicely-constructed-and.html www.secnews.physaphae.fr/article.php?IdArticle=6150878 False Malware,Vulnerability,Threat,Patching,Guideline,Medical,Cloud Uber,APT 38,APT 37,APT 28,APT 19,APT 15,APT 10,APT 34,Guam None CVE Liste - Common Vulnerability Exposure CVE-2022-31105 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31105 www.secnews.physaphae.fr/article.php?IdArticle=5679746 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31102 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31102 www.secnews.physaphae.fr/article.php?IdArticle=5679745 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-22472 2022-06-30T17:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22472 www.secnews.physaphae.fr/article.php?IdArticle=5475204 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31098 2022-06-27T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31098 www.secnews.physaphae.fr/article.php?IdArticle=5424287 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31036 =v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround.]]> 2022-06-27T20:15:08+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31036 www.secnews.physaphae.fr/article.php?IdArticle=5423402 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31034 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31034 www.secnews.physaphae.fr/article.php?IdArticle=5422523 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31035 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31035 www.secnews.physaphae.fr/article.php?IdArticle=5422524 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31016 2022-06-25T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31016 www.secnews.physaphae.fr/article.php?IdArticle=5378752 False Vulnerability Uber None GoogleSec - Firm Security Blog SBOM in Action: finding vulnerabilities with a Software Bill of Materials SBOMs)-a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for software became popular as a way to understand what's in the software we all consume. The guiding idea is that it's impossible to judge the risks of particular software without knowing all of its components-including those produced by others. This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. But now that the industry is making progress on methods to generate and share SBOMs, what do we do with them?Generating an SBOM is only one half of the story. Once an SBOM is available for a given piece of software, it needs to be mapped onto a list of known vulnerabilities to know which components could pose a threat. 
By connecting these two sources of information, consumers will know not just what's in their software, but also its risks and whether they need to remediate any issues. In this blog post, we demonstrate the process of taking an SBOM from a large and critical project - Kubernetes - and using an open source tool to identify the vulnerabilities it contains. Our example's success shows that we don't need to wait for SBOM generation to reach full maturity before we begin mapping SBOMs to common vulnerability databases. With just a few updates from SBOM creators to address current limitations in connecting the two sources of data, this process is poised to become easily within reach of the average software consumer.
OSV: Connecting SBOMs to vulnerabilities
The following example uses Kubernetes, a major project that makes its SBOM available using the Software Package Data Exchange (SPDX) format - an international open standard (ISO) for communicating SBOM information. The same idea should apply to any project that makes its SBOM available, and for projects that don't, you can generate your own SBOM using the same bom tool Kubernetes created. We have chosen to map the SBOM to the Open Source Vulnerabilities (OSV) database, which describes vulnerabilities in a format that was specifically designed to map to open source package versions or commit hashes. The OSV database excels here as it provides a standardized format and aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., GitHub Advisory Database (GHSA), Global Security Database (GSD)). To connect the SBOM to the database, we'll use the SPDX spdx-to-osv tool.
This open source tool takes in an SPDX SBOM document, queries the OSV database of vulnerabilities, and returns an enumeration of vulnerabilities present in the software's declared components.
Example: Kubernetes' SBOM
The first step is to download Kubernetes' SBOM, which is publicly available and contains information on the project, dependencies, versions, and 2022-06-14T12:00:00+00:00 http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=5145917 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31054 2022-06-13T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31054 www.secnews.physaphae.fr/article.php?IdArticle=5137205 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-29165 2022-05-20T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29165 www.secnews.physaphae.fr/article.php?IdArticle=4717170 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24904 2022-05-20T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24904 www.secnews.physaphae.fr/article.php?IdArticle=4717093 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24905 2022-05-20T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24905 www.secnews.physaphae.fr/article.php?IdArticle=4717094 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24878 2022-05-06T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24878 www.secnews.physaphae.fr/article.php?IdArticle=4553469 False Vulnerability Uber 5.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-24877 2022-05-06T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24877 www.secnews.physaphae.fr/article.php?IdArticle=4553468 False Vulnerability Uber 5.0000000000000000
CrowdStrike - CTI Society CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation 2022-05-03T08:37:30+00:00 https://www.crowdstrike.com/blog/understanding-cve-2022-23648-kubernetes-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=4537612 False Vulnerability Uber None Anomali - Firm Blog Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022) Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables. Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. 
Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | ]]> 2022-04-26T16:24:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gamaredon-delivers-four-pterodos-at-once-known-plaintext-attack-on-yanlouwang-encryption-north-korea-targets-blockchain-industry-and-more www.secnews.physaphae.fr/article.php?IdArticle=4508976 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Medical Uber,APT 38,APT 28 None CVE Liste - Common Vulnerability Exposure CVE-2022-24768 2022-03-23T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24768 www.secnews.physaphae.fr/article.php?IdArticle=4332510 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24730 2022-03-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24730 www.secnews.physaphae.fr/article.php?IdArticle=4331949 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24731 2022-03-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24731 www.secnews.physaphae.fr/article.php?IdArticle=4331950 False Tool,Vulnerability 
Uber None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers 2022-03-17T00:37:22+00:00 https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html www.secnews.physaphae.fr/article.php?IdArticle=4296741 False Vulnerability Uber None SecurityWeek - Security News Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes 2022-03-16T12:41:17+00:00 https://www.securityweek.com/severe-vulnerability-patched-cri-o-container-engine-kubernetes www.secnews.physaphae.fr/article.php?IdArticle=4291923 False Vulnerability Uber None ComputerWeekly - Computer Magazine Kubernetes vulnerability underscores repeated security warnings 2022-03-16T07:45:00+00:00 https://www.computerweekly.com/news/252514667/Kubernetes-vulnerability-underscores-repeated-security-warnings www.secnews.physaphae.fr/article.php?IdArticle=4291446 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-27210 2022-03-15T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27210 www.secnews.physaphae.fr/article.php?IdArticle=4287163 False Vulnerability Uber None CrowdStrike - CTI Society cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) 2022-03-15T12:19:11+00:00 https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ www.secnews.physaphae.fr/article.php?IdArticle=4297035 True Vulnerability,Threat Uber None CrowdStrike - CTI Society cr8escape: Zero-day in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811) 2022-03-15T12:19:11+00:00 https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ www.secnews.physaphae.fr/article.php?IdArticle=4284922 False Vulnerability,Threat Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-23652 2022-02-22T20:15:07+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23652 www.secnews.physaphae.fr/article.php?IdArticle=4168561 False Vulnerability Uber None Anomali - Firm Blog Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence What’s With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022) A recent discovery has been made that links malicious VBA macro code between multiple groups, namely: Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough that it suggests cooperation between APT groups, despite having completely different goals/targets. Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. 
MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566 Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022) Due to the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file which contains an excess of dead code; more than likely this is to increase the filesize for bypassing any antivirus scan. RedLine is a well-known infostealer, capable of taking screenshots, using C2 communications, keylogging and more. Analyst Comment: Any official Windows update or installation files will be downloaded through the operating system directly. If offline updates are necessary, only go through Microsoft sites and subdomains. Never update Windows from a third-party site due to this type of attack. MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: RedLine, Windows 11, Infostealer ]]> 2022-02-15T20:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more www.secnews.physaphae.fr/article.php?IdArticle=4134740 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 43,APT 36,APT-C-17 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps 2022-02-05T21:48:25+00:00 https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html www.secnews.physaphae.fr/article.php?IdArticle=4088212 False Tool,Vulnerability Uber None InfoSecurity Mag - InfoSecurity Magazine Major Vulnerability Found in Argo CD 2022-02-04T18:30:00+00:00 https://www.infosecurity-magazine.com/news/major-vulnerability-found-in-argo/ www.secnews.physaphae.fr/article.php?IdArticle=4082256 False Vulnerability Uber None Bleeping Computer - Magazine Américain Argo CD vulnerability leaks sensitive info from Kubernetes apps 2022-02-04T10:43:31+00:00 https://www.bleepingcomputer.com/news/security/argo-cd-vulnerability-leaks-sensitive-info-from-kubernetes-apps/ www.secnews.physaphae.fr/article.php?IdArticle=4081122 False Vulnerability Uber None Bleeping Computer - Magazine Américain Linux kernel bug can let hackers escape Kubernetes containers 2022-01-25T11:56:28+00:00 https://www.bleepingcomputer.com/news/security/linux-kernel-bug-can-let-hackers-escape-kubernetes-containers/ www.secnews.physaphae.fr/article.php?IdArticle=4031336 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-21701 2022-01-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21701 www.secnews.physaphae.fr/article.php?IdArticle=4000019 False Vulnerability Uber None IT Security Guru - Blog Sécurité Vulnerability lets anyone send emails from Uber.com 2022-01-04T13:44:32+00:00 https://www.itsecurityguru.org/2022/01/04/vulnerability-lets-anyone-send-emails-from-uber-com/?utm_source=rss&utm_medium=rss&utm_campaign=vulnerability-lets-anyone-send-emails-from-uber-com www.secnews.physaphae.fr/article.php?IdArticle=3922997 False Vulnerability,Threat Uber,Uber None Bleeping Computer - Magazine Américain Uber ignores vulnerability that lets you send any email from Uber.com 2022-01-02T09:48:35+00:00 
https://www.bleepingcomputer.com/news/security/uber-ignores-vulnerability-that-lets-you-send-any-email-from-ubercom/ www.secnews.physaphae.fr/article.php?IdArticle=3916965 True Vulnerability Uber,Uber None Bleeping Computer - Magazine Américain Uber dismisses vulnerability that lets you email anyone as Uber! 2022-01-02T09:48:35+00:00 https://www.bleepingcomputer.com/news/security/uber-dismisses-vulnerability-that-lets-you-email-anyone-as-uber/ www.secnews.physaphae.fr/article.php?IdArticle=3916751 False Vulnerability Uber,Uber None