Vulnerability management explained

Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings across their entire network environment. To address vulnerabilities proactively, before they are used in a cyberattack, organizations serious about the security of their environment perform vulnerability management to maintain the strongest security posture possible.


Risk-Based Vulnerability Remediation with SaltStack

There’s an old saying that pops up on my radar every few months. I’ll usually see it while scrolling through my feed on LinkedIn or, occasionally, I’ll see it framed on someone’s office wall: “If you don’t prioritize your life, someone else will.” This statement is especially true when it comes to infrastructure vulnerabilities. If you don’t prioritize them right, an attacker will prioritize them for you.


Mitigating CVE-2020-10749 in Kubernetes Environments

A vulnerability that might enable a man-in-the-middle attack on Kubernetes clusters, CVE-2020-10749, was disclosed a few days ago. This vulnerability is not in Kubernetes itself but rather in certain container networking implementations – IPv4-only clusters using affected implementations are vulnerable. The vulnerability allows for man-in-the-middle (MITM) attacks, where an attacker can intercept network traffic to a pod in a Kubernetes cluster and impersonate it to clients.


What Does Successful Vulnerability Discovery Look Like?

If you’re developing software, you need quality assurance (QA) and you need a way to manage vulnerability discovery. These are two distinctly different streams. QA focuses on bugs or problems which cause things to break or prevent functionality from behaving the way it’s meant to. The QA process tests the software to ensure all features are working properly. You’re following a defined requirements list, making it a bounded exercise. This isn’t to say the QA process is easy.


June 2020 Open Source Security Vulnerabilities Snapshot

It’s time for June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities. In hopes of giving you this month-at-a-glance summary of current trends in the open source ecosystem, our trusted research team reviewed the new open source security vulnerabilities published in May and collected by the WhiteSource database.


New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements

The recently disclosed MiTM attack was a very unusual one in the container security world. All at the same time, Kubernetes, Docker, and Calico announced security bulletins related to IPv6 rogue Router Advertisements. There are several security bulletins here because this isn’t a single vulnerability in one product; rather, multiple independent CNIs are all vulnerable. IPv6 Router Advertisements are a fairly obscure topic, yet this vulnerability is definitely worth understanding.


New Kubernetes Control Plane Vulnerability (CVE-2020-8555)

A security issue was discovered in Kubernetes and disclosed on June 1, 2020 as CVE-2020-8555. The vulnerability enables an attacker to gain access to data from services that are connected to the host network of the cluster’s manager, and although the attack is not simple to execute, it can remotely bypass authorization controls and break confidentiality.

Vulnerability Prioritization Through The Eyes Of Hackers

Software development teams are constantly bombarded with an ever-growing number of security alerts. Unfortunately, there is currently no agreed-upon strategy or straightforward process for vulnerability prioritization. This results in a lot of valuable development time wasted on assessing vulnerabilities, while the critical security issues remain unattended.