Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation

The microservice bombshells that have been linked with the microservice expansion have altered the application architectures, offered agility and scalability in terms of complexity in security trade-offs. Feeble legacy-based perimeter-based policies are unable to offer safeguard to distributed...

EUVD-2022-7256

Malicious code in bioql PyPI...

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

CVE-2022-23635 Unauthenticated control plane denial of service attack in Istio

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...