Beyond Crash: Hijacking Your Autonomous Vehicle for Fun and Profit

Autonomous Vehicles AVs, especially vision-based AVs, are rapidly being deployed without human operators. As AVs operate in safety-critical environments, understanding their robustness in an adversarial environment is an important research problem. Prior physical adversarial attacks on vision-bas...

EUVD-2022-6001

Malicious code in bioql PyPI...

GHSA-9394-XFQ9-6QRP Calico vulnerable to pod route hijacking

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

Calico vulnerable to pod route hijacking

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

Input validation

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVE-2022-28224

CVE-2022-28224 affects Calico across clusters using Calico ≤ 3.22.1 and Calico Enterprise ≤ 3.12.0. The issue allows a privileged attacker to set a floating IP annotation on a pod without the feature being enabled, due to insufficient validation, potentially intercepting and rerouting traffic to ...

CVE-2022-28224 Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

Tigera Calico 输入验证错误漏洞

Tigera Calico is an open source network security solution for container, virtual machine and host workloads from US-based Tigera. A security vulnerability exists in Tigera Calico version 3.22.1 and earlier, and Calico Enterprise version 3.12.0 and earlier, which stems from vulnerability to route...

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.41 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.35 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this...

Dennis Fisher and Mike Mimoso Discuss Do Not Track, We Are the Cavalry and more

Dennis Fisher and Mike Mimoso discuss the major security stories of the last two weeks, including the BGP route hijacking, why Do Not Track doesn’t work and the We Are the Cavalry movement. Download: digitalunderground135.mp3...