Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

Addressing Cloud Identity Risks With TotalCloud CIEM

As organizations continue to embrace multi-cloud environments, leveraging platforms such as Amazon Web Services AWS, Microsoft Azure, Google Cloud Platform GCP, and Oracle Cloud Infrastructure OCI, the complexity of cloud security has increased exponentially. In cloud environments, machines are...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.2 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.1 bug fix and security update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS ba...

HHS OIG Report Underscores Challenges of Securing the Cloud

On July 22, 2024, HHS Health and Human Services OIG published a report identifying a need for the Department of Health and Human Services, Office of the Secretary HHS OS to improve key security controls to better protect cloud information systems. The report, while focused on HHS OS, underscores...

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves...

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence AI and machine learning ML technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

BIT-MINIO-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

BIT-MINIO-2023-27589 Minio vulnerable to denial of access by an admin privileged user for root credential

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

BIT-MINIO-2023-28432 Minio Information Disclosure in Cluster Deployment

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD, resulting in information disclosure. All users of...

BIT-MINIO-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However,...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

Dell DM5500 Authentication Error Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an Authentication Error vulnerability that originates from incorrect authentication of the system and can be...

Dell DM5500 Operating System Command Injection Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an operating system command injection vulnerability that stems from a failure to properly filter construct...

Dell DM5500 Cross-Site Scripting Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escapin...

Dell DM5500 Buffer Overflow Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a buffer overflow vulnerability that originates from a boundary error when processing untrusted input in PPOE,...

Dell DM5500 Elevation of Privilege Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an elevation of privilege vulnerability that can be exploited by an attacker to escape a restricted shell and...

Dell DM5500 Path Traversal Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a path traversal vulnerability that stems from a failure to properly filter special elements in the path of a...