25 matches found
EUVD-2025-0141
Malicious code in bioql PyPI...
GHSA-756X-M4MJ-Q96C Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...
CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...
CVE-2025-24784
CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...
CVE-2024-4843
CVE-2024-4843 affects Trellix ePolicy Orchestrator (ePO). Publicly cited documents describe insecure direct object references that let a least-privileged user manipulate client tasks and client task assignments, enabling privilege escalation. The NVD/NVD-derived entries describe impact as insuffi...
CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report
In an ongoing effort to help security organizations stay competitive, we’re pleased to offer this complimentary Gartner® report, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete. The research in the report demonstrates the need for Cloud Infrastructure Entitlement...
Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)
Description of the security update for SharePoint Foundation 2013: October 11, 2022 KB5002284 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
Description of the security update for SharePoint Server Subscription Edition: October 11, 2022 (KB5002290)
Description of the security update for SharePoint Server Subscription Edition: October 11, 2022 KB5002290 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsof...
Security Bulletin: Storwize V7000 Unified documentation update available for configuration of Storwize V7000 Unified with LDAP authentication (CVE-2012-0706)
Abstract Storwize V7000 Unified includes a version of the LDAP client which stores the username and the password of the LDAP user in clear text in the local file system. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0706 DESCRIPTION: Storwize V7000 Unified requires LDAP username called binddn a...
3 Key Challenges for Cloud Identity and Access Management
Identity and access management IAM is one of the most critical tools for today's cloud-centric environment. Businesses' IT architectures have become more highly distributed than ever, and users need to access a growing suite of cloud services on demand. Determining the identities of users and...
Detecting malicious key extractions by compromised identities for Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...
Detecting malicious key extractions by compromised identities for Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...
Adopting a Zero Trust approach throughout the lifecycle of data
Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...
The Gap in Your Zero Trust Implementation
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust...
Zero Trust Adoption Report: How does your organization compare?
From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...
How to secure your hybrid work world with a Zero Trust approach
We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clear...
Artica Pandora FMS File Containment Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote file inclusion vulnerability exists in Artica Pandora FMS version 742, which can be exploited by a least privileg...
Artica Pandora FMS 安全漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote file inclusion vulnerability exists in Artica Pandora FMS version 742, which can be exploited by a least privileg...
Learn How to Manage and Secure Active Directory Service Accounts
There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...
Why operational resilience will be key in 2021, and how this impacts cybersecurity
The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...