360 matches found
IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more th...
Man-in-the-Middle (MitM)
Kubevirt/virt-cdi-importer is vulnerable to man-in-the-middle attacks. A remote unauthenticated attacker could exploit in the TLS Certificate Validation component since it disables TLS certificate validation when importing data into PVCs from container registries, allowing attackers to sniff or...
openSUSE Security Update : singularity (openSUSE-2019-811)
Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed : - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0 : - Allow admin to specify a non-standard location for mksquashfs bina...
openSUSE Security Update : containerd / docker and go (openSUSE-2019-1044)
This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...
Input validation
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0–1.5.3, were reported to disable TLS certificate validation when importing data into PVCs from container registries, enabling potential man-in-the-middle attacks that could tamper with trusted container image content. The affected component is the virt-cd...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
CVE-2019-3841
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...
Authorization Bypass
atomic-openshift is vulnerable to authorization bypass attacks. The vulnerability exists as the OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from...
SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1)
This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd bsc1102522, bsc1113313 Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 Enable seccomp support on SLE12 fate325877 Update to...
openSUSE Security Update : containerd / docker and go (openSUSE-2018-1626)
This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...
Security update for containerd, docker and go (important)
This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to container...
Singapore's Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen
Singapore's largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary...
CVE-2017-15137
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
CVE-2017-15137
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
ICANN Postpones Scheduled DNS Crypto Key Rollover
ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System. ICANN said in a statement that the change was to occur on Oct. 11, but new data indicates that a “significant number” of...
Nmap NSE net: whois
Queries the WHOIS services of Regional Internet Registries RIR and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. In using this script your IP address will be sent to iana.org. Additionally your address and the address of the target of the...
Nmap NSE: WHOIS
This script queries the WHOIS services of Regional Internet Registries RIR and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. This is a wrapper on the Nmap Security Scanner's http://nmap.org whois.nse. OpenVAS Vulnerability Test $Id:...
Attackers Buying Own Data Centers for Botnets, Spam
The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the...