#aws

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

An update is now available for Red Hat OpenShift GitOps 1.4 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24904: argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server * CVE-2022-24905: argocd: Login screen allows message spoofing if SSO is enabled * CVE-2022-29165: argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled

Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

The Sysrv botnet has been developing over the last years, and has become a multi-platform botnet that specializes in Monero cryptomining. The post Sysrv botnet is out to mine Monero on your Windows and Linux servers appeared first on Malwarebytes Labs.