Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

DARKReading
Open in Source
#vulnerability#git#intel#auth#zero_day
Mitigating breaches on Red Hat OpenShift with the CrowdStrike Falcon Operator

As Kubernetes becomes increasingly integral to production environments, cyber adversaries are likewise becoming more skilled in cloud-native exploitation. According to the CrowdStrike 2024 Global Threat Report, cases involving exploitation of cloud services increased by 110% in 2023, far outpacing non-cloud cases, which grew only 60% year-over-year.CrowdStrike helps organizations stay ahead of these evolving adversaries by providing breach prevention solutions that span endpoints, Kubernetes, clouds, data and identity in the consolidated CrowdStrike Falcon® platform.This article talks about t

Facebook at 20: Contemplating the Cost of Privacy

As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.

Attackers Planted Millions of Imageless Repositories on Docker Hub

The purported metadata for each these containers had embedded links to malicious files.

GHSA-62qf-jcq8-8gxw: Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2m57-hf25-phgg. This link is maintained to preserve external references. ## Original Description Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

FBI warns online daters to avoid “free” online verification schemes that prove costly

The FBI sent out a warning about fraudsters that trick victims into signing up for an expensive verification process on dating sites

GHSA-2cgq-h8xw-2v5j: CRI-O vulnerable to an arbitrary systemd property injection

### Impact On CRI-O, an arbitrary systemd property can be injected via a Pod annotation: ``` --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: # I believe that ExecStart with an arbitrary command works here too, # but I haven't figured out how to marshalize the ExecStart struct to gvariant string. org.systemd.property.SuccessAction: "'poweroff-force'" spec: containers: - name: hello image: [quay.io/podman/hello](http://quay.io/podman/hello) ``` This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Tested with CRI-O v1.24 on minikube. Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations: https://github.com/opencontainers/runc/pull/3923#discussion_r1532292536 CRI-O has to filter out annotations that have the prefix "org.systend.property." See also: - https://github.com...

Okta: Credential-Stuffing Attacks Spike via Proxy Networks

Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.

Kemp LoadMaster Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 (GA), 7.2.54.8 (LTSF), and 7.2.48.10 (LTS).