#security (2022-03)

Archive: https://archive.sweetops.com/security/

2022-03-17

Zachary Loeber

https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers attachment image

attachment image

A new vulnerability in the CRI-O engine allows attackers to escape Kubernetes containers and gain root access.

2022-03-19

Jim Park

https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/ TL;DR: open source developer releases protestware in popular node library that wipes computers with russian / belarusian ips.

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus attachment image

attachment image

When code with millions of downloads nukes user files, bad things can happen.

2022-03-21

jaydhulia

https://twitter.com/mg/status/1506109152665382920?s=21

attachment image

Oh man, if this it what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy. https://pbs.twimg.com/media/FObGSr8VIAcOyh2.jpg

attachment image

https://pbs.twimg.com/media/FObGSr6VIAAzyQO.jpg

2022-03-26

Erik Osterman (Cloud Posse)

https://news.google.com/articles/CAIiEOUivt8gfb_Qn0bW2Ezlk38qFQgEKg0IACoGCAowrqkBMKBFMMGBAg?hl=en-US&gl=US&ceid=US%3Aen

Google Issues Emergency Security Warning For 3.2 Billion Chrome Users—Attacks Underway attachment image

attachment image

Google confirms an emergency Chrome update as attackers strike