Summary

Total Articles Found: 9

Top Articles:

  • Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!
  • Compromising Read-Only Containers with Fileless Malware
  • Detecting and Mitigating CVE-2022-22963: Spring Cloud RCE Vulnerability
  • 5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786
  • Threat news: TeamTNT targeting misconfigured kubelet
  • ISTIO-SECURITY-2023-001
  • CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities
  • CVE-2022-0492: Privilege escalation vulnerability causing container escape
  • ISTIO-SECURITY-2022-003

ISTIO-SECURITY-2023-001

Published: 2023-04-04 00:00:00

Popularity: None

Author: None

Keywords:

  • CVE

Disclosure Details

  • CVE(s): CVE-2023-27496, CVE-2023-27488, CVE-2023-27493, CVE-2023-27492, CVE-2023-27491, CVE-2023-27487
  • CVSS Impact Score: 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
  • Affected Releases: All releases prior to 1.15.0; 1.15.0 to 1.15.6; 1.16.0 to 1.16.3; 1.17.0 to 1.17.1

CVE

Envoy CVEs

  • CVE-2023-27487: (CVSS Score 8.2, High): Client may fake the header x-envoy-original-path.
  • CVE-2023-27488: (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
  • CVE-2023-27491: (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
  • CVE-2023-27492: (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter.
  • CVE-2023-27493: (CVSS Score 8.1, High): Envoy doesn’t escape HTTP header values.
  • CVE-2023-27496: (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter.

Am I Impacted?

You may be at risk if you have an Istio gateway or if you use external istiod.


    5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786

    Published: 2022-11-01 20:56:39

    Popularity: 2

    Author: Michael Clark

    Keywords:

  • CVE

    The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on Oct. 25, which affect all OpenSSL v3 versions... The post 5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786 appeared first on Sysdig.


    Threat news: TeamTNT targeting misconfigured kubelet

    Published: 2022-09-19 17:13:09

    Popularity: 1

    Author: Alberto Pellitteri

    Keywords:

  • CVE
  • Kubernetes
  • Sysdig

    TeamTNT is a prevalent threat actor who has been targeting cloud and virtual environments such as Kubernetes and Docker since... The post Threat news: TeamTNT targeting misconfigured kubelet appeared first on Sysdig.


    Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

    Published: 2022-07-19 12:07:10

    Popularity: 92

    Author: Christopher Boyd

    Keywords:

  • Malwarebytes news
  • compromise
  • CVE
  • exploit
  • hijack
  • JavaScript
  • modern wpbakery
  • plugin
  • wordpress
  • LLM Says: "Plugin fail"

    We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now! The post Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! appeared first on Malwarebytes Labs.


    Compromising Read-Only Containers with Fileless Malware

    Published: 2022-05-03 15:00:00

    Popularity: 30

    Author: Nicholas Lang

    Keywords:

  • CVE
  • Docker
  • Kubernetes

    Containers provide a number of security features that are not simply available on a normal host. One of those is... The post Compromising Read-Only Containers with Fileless Malware appeared first on Sysdig.


    CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

    Published: 2022-03-29 15:51:37

    Popularity: None

    Author: Tim Obezuk

    Keywords:

  • Browser Isolation
  • Remote Browser Isolation
  • RBI
  • Zero Day Threats
  • Zero Trust
  • CVE

    CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched


    Detecting and Mitigating CVE-2022-22963: Spring Cloud RCE Vulnerability

    Published: 2022-03-31 02:02:21

    Popularity: 7

    Author: Stefano Chierici

    Keywords:

  • CVE
  • Falco
  • Sysdig Secure

    Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The... The post Detecting and Mitigating CVE-2022-22963: Spring Cloud RCE Vulnerability appeared first on Sysdig.


    CVE-2022-0492: Privilege escalation vulnerability causing container escape

    Published: 2022-03-09 06:21:16

    Popularity: None

    Author: Stefano Chierici

    Keywords:

  • CVE
  • Falco
  • Sysdig Secure

    Linux maintainers disclosed a privilege escalation vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and... The post CVE-2022-0492: Privilege escalation vulnerability causing container escape appeared first on Sysdig.


    ISTIO-SECURITY-2022-003

    Published: 2022-02-22 00:00:00

    Popularity: None

    Author: None

    Keywords:

  • CVE
  • LLM Says: "Network breach"

    Disclosure Details

  • CVE(s): CVE-2022-23635, CVE-2021-43824, CVE-2021-43825, CVE-2021-43826, CVE-2022-21654, CVE-2022-21655, CVE-2022-23606
  • CVSS Impact Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Affected Releases: All releases prior to 1.11.0; 1.11.0 to 1.11.6; 1.12.0 to 1.12.3; 1.13.0

    CVE

    CVE-2022-23635

  • CVE-2022-23635: (CVSS Score 7.5, High): Unauthenticated control plane denial of service attack.

    The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message that results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.

    For simple installations, istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially multicluster topologies, this port is exposed over the public internet.

    Envoy CVEs

    At this time it is not believed that Istio is vulnerable to these CVEs in Envoy. They are listed, however, to be transparent.

    | CVE ID | Score, Rating | Description | Fixed in 1.13.1 | Fixed in 1.12.4 | Fixed in 1.11.7 |
    |---|---|---|---|---|---|
    | CVE-2021-43824 | 6.5, Medium | Potential null pointer dereference when using JWT filter safe_regex match. | Yes | Yes | Yes |
    | CVE-2021-43825 | 6.1, Medium | Use-after-free when response filters increase response data, and increased data exceeds downstream buffer limits. | Yes | Yes | Yes |
    | CVE-2021-43826 | 6.1, Medium | Use-after-free when tunneling TCP over HTTP, if downstream disconnects during upstream connection establishment. | Yes | Yes | Yes |
    | CVE-2022-21654 | 7.3, High | Incorrect configuration handling allows mTLS session re-use without re-validation after validation settings have changed. | Yes | Yes | Yes |
    | CVE-2022-21655 | 7.5, High | Incorrect handling of internal redirects to routes with a direct response entry. | Yes | Yes | Yes |
    | CVE-2022-23606 | 4.4, Moderate | Stack exhaustion when a cluster is deleted via Cluster Discovery Service. | Yes | Yes | N/A |
    | CVE-2022-21656 | 3.1, Low | X.509 subjectAltName matching (and nameConstraints) bypass. | No, next release. | No, next release. | Envoy did not backport this fix. |
    | CVE-2022-21657 | 3.1, Low | X.509 Extended Key Usage and Trust Purposes bypass | No, next release. | No, next release. | No, next release. |

    Am I Impacted?

    You are at most risk if you are running Istio in a multi-cluster environment, or if you have exposed your istiod externally.

    Credit

    We would like to thank Adam Korczynski (ADA Logics) and John Howard (Google) for the report and the fix.
