16 matches found
EUVD-2025-0141
Malicious code in bioql PyPI...
GHSA-756X-M4MJ-Q96C Kubewarden-Controller information leak via AdmissionPolicyGroup Resource
Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...
CVE-2025-24784
CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...
CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report
In an ongoing effort to help security organizations stay competitive, we’re pleased to offer this complimentary Gartner® report, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete. The research in the report demonstrates the need for Cloud Infrastructure Entitlement...
Security Bulletin: Storwize V7000 Unified documentation update available for configuration of Storwize V7000 Unified with LDAP authentication (CVE-2012-0706)
Abstract Storwize V7000 Unified includes a version of the LDAP client which stores the username and the password of the LDAP user in clear text in the local file system. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0706 DESCRIPTION: Storwize V7000 Unified requires LDAP username called binddn a...
3 Key Challenges for Cloud Identity and Access Management
Identity and access management IAM is one of the most critical tools for today's cloud-centric environment. Businesses' IT architectures have become more highly distributed than ever, and users need to access a growing suite of cloud services on demand. Determining the identities of users and...
Detecting malicious key extractions by compromised identities for Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...
Detecting malicious key extractions by compromised identities for Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...
Adopting a Zero Trust approach throughout the lifecycle of data
Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...
The Gap in Your Zero Trust Implementation
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust...
Zero Trust Adoption Report: How does your organization compare?
From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...
How to secure your hybrid work world with a Zero Trust approach
We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clear...
Why operational resilience will be key in 2021, and how this impacts cybersecurity
The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...
Why operational resilience will be key in 2021, and how this impacts cybersecurity
The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...
Modernize secure access for your on-premises resources with Zero Trust
Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device BYOD scenarios, requiring your organization to extend the bounds of your network to include the entire internet and...
Modernize secure access for your on-premises resources with Zero Trust
Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device BYOD scenarios, requiring your organization to extend the bounds of your network to include the entire internet and...