#security (2022-03)

Archive: https://archive.sweetops.com/security/


Zachary Loeber avatar
Zachary Loeber
New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containersattachment image

A new vulnerability in the CRI-O engine allows attackers to escape Kubernetes containers and gain root access.


Jim Park avatar
Jim Park

https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/ TL;DR: open source developer releases protestware in popular node library that wipes computers with russian / belarusian ips.

Sabotage: Code added to popular NPM package wiped files in Russia and Belarusattachment image

When code with millions of downloads nukes user files, bad things can happen.


jaydhulia avatar
attachment image

Oh man, if this it what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy. https://pbs.twimg.com/media/FObGSr8VIAcOyh2.jpg