Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Red Hat Trusted Artifact Signer with Enterprise Contract: Trustable container images

Recently, Red Hat announced the technical preview of Red Hat Trusted Artifact Signer which is a production-ready deployment of the Sigstore project for enterprise use. In this article, we will learn how to use Trusted Artifact Signer when signing, attesting and verifying a container image with cosign and Enterprise Contract (EC).Before starting, we must deploy Trusted Artifact Signer on our Red Hat OpenShift cluster by following Chapter 1 of the Deployment Guide. Be sure to also run the source ./tas-env-variables.sh script to set up the shell variables (URLs) to the Sigstore services endpoint

Red Hat Blog
#web#red_hat#js#auth#sap
Apple and Google Just Patched Their First Zero-Day Flaws of the Year

Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.

Approaching Complex Data Security for Small Businesses

By Waqas Small businesses are faced with unique challenges in terms of data security. You don’t have the vast resources… This is a post from HackRead.com Read the original post: Approaching Complex Data Security for Small Businesses

Apple warns of “privacy and security threats” after EU requires it to allow sideloading

To comply with the EU's Digital Markets Act, Apple will allow European iPhone owners to install apps obtained from outside the official App store.

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview

GHSA-c3c6-f2ww-xfr2: Apache Airflow: pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.

GHSA-vm5m-qmrx-fw8w: Apache Airflow: Bypass permission verification to read code of other dags

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.