Fedora: Security Advisory (FEDORA-2024-80e062d21a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-CILIUM-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

BIT-CILIUM-OPERATOR-2023-27595 Cilium eBPF filters may be temporarily removed during agent restart

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...

BIT-CILIUM-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

By Deeba Ahmed Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements...

CVE-2024-28250

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...

IBM PowerSC Explains Conflict Vulnerabilities

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an interpretation conflict vulnerability that stems from not using a secure HTTP method, which could be exploited by an attacker to perform unauthorized...

IBM PowerSC Information Disclosure Vulnerability

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an information disclosure vulnerability vulnerability that stems from not using proper account lockout settings, which can be exploited by an attacker to...

CVE-2024-25631 Unencrypted traffic between pods when using Wireguard and an external kvstore

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

CVE-2024-25630 Cilium has unencrypted ingress/health traffic when using Wireguard transparent encryption

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn't anything malicious, but with modern web environments being so complex, mistakes can happen, and...

IBM Security Access Manager Appliance Access Control Error Vulnerability (CNVD-2024-06217)

IBM Security Access Manager Appliance ISAM Appliance is a network appliance-based security solution from International Business Machines IBM. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. An Acce...

ThreatDown earns highest ratings across EDR and MDR categories in G2 Winter 2024 results

The peer-to-peer review source G2 has released its Winter 2024 reports, ranking ThreatDown products on top across several Endpoint Detection and Response EDR and Managed Detection and Response MDR categories. Based on verified customer reviews, ThreatDown EDR was voted a Leader in the overall and...

A week in security (December 18 – December 24)

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...

Raftt is Now Part of Wiz! Together We Are Empowering Developers.

Wiz is committed to building a solution that security and development teams want. With the acquisition of Raftt, we’re gaining velocity on that journey...

When Maximum Effort Doesn't Equate to Maximum Results

It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners. The trick is...

Qualys Named a Leader in KuppingerCole CSPM Report

Cloud Security Posture Management CSPM is a crucial requirement in cloud security. CSPM is all about identifying misconfiguration issues and compliance risks in cloud environments. Since cloud misconfigurations are the leading cause of data breaches, you want an excellent CSPM solution on your...

CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud

Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...

opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

Summary Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. Details HTTP method for requests can be easily set by an attacker to be random and long. PoC Send many...

CVE-2023-41332

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...