Operations | Monitoring | ITSM | DevOps | Cloud

Vulnerability

logz.io

Hafnium Hacks Microsoft Exchange: Who's at Risk?

Mar 10, 2021 By Eric Thomas In logz.io

Microsoft recently announced a campaign by a sophisticated nation-state threat actor, operating from China, to exploit a collection of 0-day vulnerabilities in Microsoft Exchange and exfiltrate customer data. They’re calling the previously unknown hacking gang Hafnium. Microsoft has apparently been aware of Hafnium for a while — they do describe the group’s historical targets.

Read Post
flowmon

Flowmon Detects Windows DNS SIGRed Exploitation

Mar 8, 2021 By Pavel Minarik In Flowmon

The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019 and received a maximum severity rating of 10. It was finally patched in July 2020. As the vulnerability allows an attacker to perform remote code execution on Windows Server via DNS, it poses an extremely serious danger and can propagate over the network without user interaction.

Read Post
manageengine

5 reasons integrated patch and vulnerability management mitigates risks swiftly and efficiently

Mar 3, 2021 By Vulnerability Manager Plus In ManageEngine

ESG research on cyber risk management, which involved 340 cybersecurity professionals, revealed that 40 percent felt tracking patch and vulnerability management over time was their biggest challenge.

Read Post

Protecting Against the Unpatched Kubernetes Vulnerability (CVE-2020-8554)

Feb 2, 2021 By Tigera In Tigera
CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions including the latest release (v1.20) are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update services, you are impacted.
View Video
jfrog

Stay Alert to Security With Xray and PagerDuty

Feb 2, 2021 By Mahitha Byreddy In JFrog
When it comes to securing your software development against open source vulnerabilities, the earlier action occurs — by the right person — the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization.
Read Post
ivanti

Using Ivanti Neurons and MobileIron UEM to Handle the Latest iOS, iPadOS, and tvOS Vulnerabilities Proactively

Feb 2, 2021 By James Saturnio In Ivanti

On Tuesday, January 26, 2021, Apple released version 14.4 of its iOS, iPadOS, and tvOS products that included patches for three security vulnerabilities that affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation, as well as Apple TV.

Read Post
sysdig

How to detect sudo's CVE-2021-3156 using Falco

Jan 28, 2021 By Stefano Chierici In Sysdig

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.

Read Post
splunk

Detecting the Sudo Baron Samedit Vulnerability and Attack

Jan 28, 2021 By Ryan Kovar In Splunk

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.