883 matches found
Istio Security Vulnerability
Istio is an open platform for connecting, managing and securing microservices. A security vulnerability exists in Istio 1.15.x versions prior to 1.15.3: a user with localhost access to the Istiod control plane can impersonate any workload...
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
HashiCorp Nomad Security Vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1, whic...
PT-2022-24509 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1
Description: The issue allows a workload identity token to list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace.
Recommendations:...
PT-2022-24947 · Istio · Istio
Name of the Vulnerable Software and Affected Versions: Istio versions 1.15.x prior to 1.15.3
Description: A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.
Recommendations: For versions prior to 1.15.3, upgrade to versi...
CVE-2022-38661 HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager
HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash...
CVE-2022-38661
CVE-2022-38661 affects HCL Workload Automation. The connected sources describe a vulnerability in the Jlog component of the Master Domain Manager that could allow a local user to overwrite key system files, potentially crashing the system. NVD lists a local, low-complexity attack with high availa...
Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year
We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. We thank our customers who guide our strategy and product innovation, engage with us deeply in...
PT-2022-24511 · Hcl · Hcl Workload Automation
Name of the Vulnerable Software and Affected Versions: HCL Workload Automation (affected versions not specified)
Description: The issue allows a local user to overwrite key system files, which could cause the system to crash.
Recommendations: At the moment, there is no information about a newer...
Introducing TotalCloud – Cloud Security Simplified
The shift of business applications and on-premises infrastructure to the cloud has resulted in cloud security teams needing to manage the cyber security risks across the workloads, cloud services, resources, users, and applications. Today, security teams must deal with a set of siloed...
Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules
Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post:...
CVE-2022-39330
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
Do more with less—Discover the latest Microsoft Entra innovations
It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change. In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...
Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections
Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...
Malicious code in example-gke-workload-identity-app (npm)
Source: ghsa-malware bf756302a9f2a9488535c736ec75f8361b533b587b93334a3460d149cd2bd128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...