#security (2019-10)

Archive: https://archive.sweetops.com/security/

2019-10-10

sarkis avatar
sarkis
03:08:19 PM

https://thenewstack.io/kubernetes-billion-laughs-vulnerability-is-no-laughing-matter/

Kubernetes 'Billion Laughs' Vulnerability Is No Laughing Matter - The New Stackattachment image

A new vulnerability has been discovered within the Kubernetes API. This flaw is centered around the parsing of YAML manifests by the Kubernetes API server. During this process the API server is open to potential Denial of Service (DoS) attacks. The issue (CVE-2019-11253 — which has yet to have any details fleshed out on the page) has been labeled a ‘Billion Laughs’ attack because it targets the parsers to carry out the attack.

2019-10-15

Richard Pearce avatar
Richard Pearce
09:05:02 AM

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restrictedattachment image

A vulnerability in Sudo, tracked as CVE-2019-14287, could allow Linux users to run commands as root user even when they’re restricted.

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:25:42 PM

Hah was just going to share this

1

2019-10-22

Maciek Strömich avatar
Maciek Strömich
12:12:43 PM

https://www.theinquirer.net/inquirer/news/3082873/avast-ccleaner-hack-comprised-vpn

Avast's internal network was hacked via a compromised VPN profile | TheINQUIRERattachment image

Firm was quick to CClean up after the attack,Security ,VPN,Avast,supply chain attack,Security,ccleaner

Maciek Strömich avatar
Maciek Strömich
12:15:47 PM

from May 2019 someone was trying to hack them and they noticed late Sept. 5 months till discovery for an internet security product vendor

2019-10-23

Maciek Strömich avatar
Maciek Strömich
05:26:14 PM

https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

NordVPN confirms it was hacked – TechCrunchattachment image

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowi…

    keyboard_arrow_up