Common security misconfigurations and remediations

A misconfiguration is exactly what it sounds like: something that is wrongly configured. From a security perspective this can be either fairly harmless or, in the worst case, devastating. We have written about misconfigurations before, both here and here. Misconfigurations may arise for many different reasons, such as: Hackers often exploit misconfigurations, since they can have a huge security impact.


I Have Antivirus; I'm Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”. Many of my family members are not computer savvy, which is a nice way of saying I had to teach them where the power button is. However, “Power Button Locator” is just one of my jobs. Windows won’t boot up?


Vulnerability management explained

Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout their entire network environment. To proactively address vulnerabilities before they are exploited in a cyberattack, organizations serious about the security of their environment perform vulnerability management to achieve the strongest security posture possible.


Risk-Based Vulnerability Remediation with SaltStack

There’s an old saying that pops up on my radar every few months. I’ll usually see it while scrolling through my feed on LinkedIn or, occasionally, framed on someone’s office wall: “If you don’t prioritize your life, someone else will.” This statement is especially true when it comes to infrastructure vulnerabilities. If you don’t prioritize them right, an attacker will prioritize them for you.


Mitigating CVE-2020-10749 in Kubernetes Environments

A vulnerability that might enable a man-in-the-middle attack on Kubernetes clusters, CVE-2020-10749, was disclosed a few days ago. This vulnerability is not in Kubernetes itself but rather in certain container networking implementations – IPv4-only clusters using affected implementations are vulnerable. The vulnerability allows for man-in-the-middle (MITM) attacks, where an attacker can intercept network traffic to a pod in a Kubernetes cluster and impersonate it to clients.


What Does Successful Vulnerability Discovery Look Like?

If you’re developing software, you need quality assurance (QA) and you need a way to manage vulnerability discovery. These are two distinctly different streams. QA focuses on bugs or problems that cause things to break or prevent functionality from behaving the way it’s meant to. The QA process tests the software to ensure all features are working properly. You’re following a defined requirements list, making it a bounded exercise. This isn’t to say the QA process is easy.


June 2020 Open Source Security Vulnerabilities Snapshot

It’s time for June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities. In hopes of giving you this month-at-a-glance summary of current trends in the open source ecosystem, our trusted research team reviewed the new open source security vulnerabilities published in May and collected by the WhiteSource database.


New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements

The recently disclosed MiTM attack was a very unusual one in the container security world. All at the same time, Kubernetes, Docker, and Calico announced security bulletins related to IPv6 rogue Router Advertisements. There are several security bulletins because this isn’t a single vulnerability in one product; rather, multiple independent CNIs are all vulnerable. IPv6 Router Advertisements are a fairly obscure topic, yet this vulnerability is definitely worth understanding.