Lucene search
+L

466 matches found

qualysblog
qualysblog
added 2018/10/11 5:57 p.m.52 views

Qualys Broadens Security Offerings for Azure

Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments. By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their...

0.1AI score
Exploits0
qualysblog
qualysblog
added 2018/08/30 2:53 p.m.58 views

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

7.2AI score
Exploits0
qualysblog
qualysblog
added 2018/08/16 4:0 p.m.65 views

Black Hat USA 2018 Best Practices Videos

Watch the presentations from the Qualys booth at Black Hat USA 2018, available online now. Learn how your peers are securing their environments and see the breadth and depth of Qualys solutions. Industry-Leading Best Practices Qualys customers explain how they run their industry-leading security...

Exploits0
qualysblog
qualysblog
added 2018/07/31 10:22 p.m.55 views

Eager to Boost your Container Security? Don’t Miss this Webcast

DevOps teams can’t get enough of containers -- and for good reason. Faster and more efficient application development and deployment, as well as increased application portability, are some container technology benefits, which in turn help drive digital transformation efforts. Container-based...

0.8AI score
Exploits0
cve
cve
added 2018/07/23 5:0 p.m.56 views

CVE-2018-11757

CVE-2018-11757 affects Docker Skeleton Runtime for Apache OpenWhisk. A Docker action using openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. The issue is described in multiple so...

9.8CVSS9.3AI score0.06895EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2018/07/05 12:0 a.m.20 views

podman elevation of privilege vulnerability

libpod is a library for running OCI-based containers in Pods. podman is one of the tools for managing Pods. A security vulnerability exists in podman 0.6.1 and earlier versions. An attacker can exploit the vulnerability to enable containers to gain elevated privileges...

8.8CVSS6.9AI score0.00878EPSS
Exploits0References1
trendmicroblog
trendmicroblog
added 2018/06/22 1:30 p.m.35 views

This Week in Security News: Macs, Hacks and Attacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, GitHub was hacked via their official account with cryptocurrency Sycoin. Also, a phishing attack targeting trustee company HealthEquity led ...

Exploits0
qualysblog
qualysblog
added 2018/06/15 2:7 p.m.60 views

QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture

Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition. Specifically, organizations can organicall...

7.1AI score
Exploits0
trendmicroblog
trendmicroblog
added 2018/06/11 1:52 p.m.56 views

AWS Invites Trend Micro to Give a Sneak Peek Of Our New Stuff

You can tell a lot by the company someone keeps. This is one of many reasons we are so proud to have been invited to present at an Amazon event today. Amazon is hosting an EKoS Day in San Francisco and will be highlighting their newly launched Amazon EKS offering. We are giving a sneak peek of th...

0.1AI score
Exploits0
cve
cve
added 2018/05/18 6:0 p.m.71 views

CVE-2018-1000400

KVE- CVE-2018-1000400 affects Kubernetes CRI-O prior to 1.9. The vulnerability arises from a Privilege Context Switching Error in handling ambient capabilities, allowing containers to run with elevated privileges. The initial description notes exploitation via container execution and a fix in 1.9...

8.8CVSS8.6AI score0.02109EPSS
Exploits0References2Affected Software1
qualysblog
qualysblog
added 2018/03/29 4:0 p.m.47 views

Securing your Cloud and Container DevOps Pipeline

Organizations are aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, upping the ante for InfoSec teams, which must protect these new environments. Driving this growth in cloud computing adoption is its essential role in digital...

7.2AI score
Exploits0
ubuntucve
ubuntucve
added 2018/03/13 5:29 p.m.26 views

CVE-2017-1002101

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type including non-privileged pods, subject to file permissions can access files/directories outside of the volume, including the host's filesyste...

9.6CVSS7.1AI score0.11586EPSS
Exploits2References2
trendmicroblog
trendmicroblog
added 2018/02/08 5:59 p.m.14 views

Security Glue Between the Silos of Endpoint, Server, Cloud and Network Security Gets More Critical

Endpoint and Host security techniques have diverged. There used to be considerable similarity between the techniques and tools used to secure desktops, servers, and even networks. Desktops evolved to become Endpoints, as mobile devices proliferated and they were assembled into a collective of bei...

6.9AI score
Exploits0
impervablog
impervablog
added 2018/01/17 4:9 p.m.27 views

Security Strategies for DevOps, APIs, Containers and Microservices

More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...

7.3AI score
Exploits0
qualysblog
qualysblog
added 2018/01/16 8:34 p.m.22 views

Continuous Security & Compliance Demo Series

This series shows you how to effectively navigate security risks, new regulations and new technologies in support of a secure and compliant digital transformation. Qualys product managers walk you through the new features of Qualys Cloud Platform and Apps and show you how to get maximum leverage...

6.9AI score
Exploits0
pentestit
pentestit
added 2017/08/21 11:13 p.m.61 views

UPDATE: Sysdig Falco v0.7.0

PenTestIT RSS Feed A few months ago, I posted about an open source behavorial activity monitor. It was updated some time ago and we now have update - the Sysdig Falco v0.7.0! What is Sysdig Falco? Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your...

6.8AI score
Exploits0
avleonov
avleonov
added 2017/05/03 4:14 p.m.39 views

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”

A top consulting company, Forrester Research, recently published report "Vendor Landscape: Vulnerability Management, 2017". You can read for free by filling a small form on Tenable web site. What's interesting in this document? First of all, Josh Zelonis and co-authors presented their version of ...

7.1AI score
Exploits0
amazon
amazon
added 2017/01/10 12:0 a.m.50 views

Important: docker

Issue Overview: It was discovered that runC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during the initialization,...

6.4CVSS7.3AI score0.00377EPSS
Exploits0
ubuntu
ubuntu
added 2016/11/23 5:33 p.m.53 views

USN-3136-1: LXC vulnerability

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container...

9.1CVSS8.1AI score0.02813EPSS
Exploits0
redhat
redhat
added 2016/11/03 4:51 p.m.6 views

docker: privilege escalation via confusion of usernames and UIDs

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...

7.8CVSS7.1AI score0.00388EPSS
Exploits0References4
Rows per page
Query Builder