
617 matches found

Cvelist
added 2020/03/20 2:1 a.m. · 16 views

CVE-2019-19026

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform...

AI score: 6.1 · EPSS: 0.00336
Exploits: 0 · References: 3

CVE
added 2020/03/20 2:1 a.m. · 119 views

CVE-2019-19025

CVE-2019-19025 affects Cloud Native Computing Foundation Harbor prior to versions 1.8.6 and 1.9.3, where the Harbor web interface is vulnerable to Cross-site Request Forgery (CSRF) in the VMware Harbor Container Registry for the Pivotal Platform. The root cause is CSRF protection gaps in the Harb...

CVSS: 8.8 · AI score: 8.5 · EPSS: 0.00188
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2020/03/20 12:0 a.m. · 1 views

PT-2020-10035 · Cloud Native Computing Foundation +1 · Harbor +1

Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6 and 1.9.3 Description: The issue is related to a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. This vulnerability affects...

CVSS: 9.3 · AI score: 7.1 · EPSS: 0.00423
Exploits: 0 · References: 11

RedHat Linux
added 2020/03/16 3:56 p.m. · 73 views

(RHSA-2020:0824) Moderate: Open Liberty 20.0.0.3 Runtime security update

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.3 serves as a replacement for Open Liberty 20.0.0.2 and includes security fixes, bug fixes, and enhancements. For specific information about this...

CVSS: 6.1 · AI score: 1.1 · EPSS: 0.13981
Exploits: 0

Akamai Blog
added 2020/03/09 4:50 p.m. · 34 views

Enabling Business Continuity in an Uncertain Global Environment

Today's uncertain global environment has made it an imperative for companies to enable remote access to business-critical applications. In particular, the fluidity and uncertainty of the current global crisis triggered by COVID-19 have accelerated the movement to have employees work remotely...

AI score: 1
Exploits: 0

Akamai Blog
added 2020/02/27 8:38 p.m. · 16 views

Guardicore at RSA: AI-Powered Segmentation, Cloud Native Security

This week we’re announcing two new capabilities in our Centra Security Platform that further deliver on that mission: Support for cloud-native resources and AI-powered segmentation...

AI score: 7
Exploits: 0

RedHat Linux
added 2020/01/21 5:25 p.m. · 56 views

(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.1 serves as a replacement for Open Liberty 19.0.0.12 and includes bug fixes, enhancements, and security fixes. For specific information about this...

CVSS: 9.8 · AI score: 1.1 · EPSS: 0.11565
Exploits: 1

ThreatPost
added 2020/01/14 5:0 p.m. · 91 views

Public Bug Bounty Takes Aim at Kubernetes Container Project

A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation (CNCF). The Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.90104
Exploits: 11 · References: 8

ThreatPost
added 2019/12/30 2:0 p.m. · 108 views

Mean Time to Hardening: The Next-Gen Security Metric

On average, it takes an organization 15 times longer to close a vulnerability than it does for attackers to weaponize and exploit one. Seven days to weaponize and 102 days to patch. Let that sink in. Once a vulnerability is disclosed, it’s you against them in a race to either secure or exploit; a...

AI score: 7.3
Exploits: 0 · References: 4

IBM Security Bulletins
added 2019/12/20 8:47 a.m. · 37 views

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-14439)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-14439 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occur...

CVSS: 7.5 · AI score: 0.8 · EPSS: 0.10145
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m. · 25 views

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a FasterXML jackson-databind vulnerability (CVE-2019-12814)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in FasterXML jackson-databind Vulnerability Details CVEID: CVE-2019-12814 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Defaul...

CVSS: 5.9 · AI score: 0.4 · EPSS: 0.18064
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m. · 34 views

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Kafka vulnerability (CVE-2018-17196)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Kafka Vulnerability Details CVEID: CVE-2018-17196 DESCRIPTION: In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypass...

CVSS: 8.8 · AI score: 1 · EPSS: 0.00208
Exploits: 0 · Affected Software: 1

Kitploit
added 2019/12/13 9:28 p.m. · 293 views

Dsiem - Security Event Correlation Engine For ELK Stack

Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookup/query to threat intelligence and vulnerability information sources, and...

AI score: 6.8
Exploits: 0 · References: 7

The Hacker News
added 2019/11/07 12:9 p.m. · 67 views

Gartner Says the Future of Network Security Lies with SASE

Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business. Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the...

AI score: 7.2
Exploits: 0

Microsoft Secure
added 2019/11/06 2:0 p.m. · 37 views

Microsoft Cloud Security solutions provide comprehensive cross-cloud protection

The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service (IaaS) to platform as a service (PaaS) to software as a...

AI score: 0.4
Exploits: 0

Microsoft Secure
added 2019/11/05 2:0 p.m. · 94 views

Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

Just a month ago, I communicated the details about Azure Sentinel reaching general availability. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this...

AI score: 7.2
Exploits: 0

Carbon Black Blog
added 2019/10/30 8:27 p.m. · 32 views

Why Cloud is the Future of Enterprise Cybersecurity

The speed at which cyberthreats have been targeting enterprise networks and endpoints is forcing IT leaders to change the way they think about cybersecurity. One alternative to how enterprises look at security is to treat cloud as an operating system, says Patrick Morley, general manager of VMwar...

Exploits: 0

CNVD
added 2019/10/25 12:0 a.m. · 1 views

Unauthorized Access Vulnerability in Kong System

Kong is a cloud-native, fast, scalable distributed microservices abstraction layer also known as API Gateway, API Middleware or in some cases Service Mesh. Its core values are high performance and scalability and it was made available as an open source project in 2015. An unauthorized access...

AI score: 6.7
Exploits: 0

Tenable Nessus
added 2019/10/11 12:0 a.m. · 41 views

VMware Harbor Privilege Escalation (VMSA-2019-0015) (CVE-2019-16097)

The remote VMware Harbor cloud native registry is affected by a remote privilege escalation vulnerability. Instances of VMware Harbor with DB as the authentication backend and which allow users to self-register are vulnerable. An authenticated, non-administrator, remote attacker can exploit this ...

CVSS: 6.5 · AI score: 6 · EPSS: 0.93578
Exploits: 5 · References: 3

Microsoft Secure
added 2019/09/24 4:0 p.m. · 91 views

Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available

Machine learning enhanced with artificial intelligence (AI) holds great promise in addressing many of the global cyber challenges we see today. They give our cyber defenders the ability to identify, detect, and block malware, almost instantaneously. And together they give security admins the abilit...

AI score: 7.2
Exploits: 0