Container images can be exploited by attackers to gain unrestricted access to the container environment and compromise sensitive data. What can you do to secure them?
The best way to deal with a vulnerability is doing what you can to prevent them from happening in the first place. Oftentimes, cyber risk can be managed even through simple and basic security hygiene practices.
Developers have been increasingly targeted by attackers. Compromising a single developer enables attackers to embed malicious code into a company's products. If that product is then used by other companies, the malware can spread to their systems in a supply chain attack.
A Bluetooth authentication bug affecting major devices allows attackers to perform impersonation attacks by spoofing paired devices and stealing sensitive data.
Proposed bill requires American tech companies to put encryption backdoors in their products for law enforcement access which can be potentially exploited by hackers.
Qualys researchers said the 12-year-old memory corruption local privilege escalation vulnerability on polkit's Set User ID program pkexec is easily exploitable by novice attackers and affects every major Linux distribution.
Legal action may be forthcoming for organizations that do not patch Log4j. The FTC has issued an alert that references the Equifax breach (which ended in a settlement of $700 million) as a precedent.
Since patching is problematic and traditional perimeter security is ineffective for Ripple20 vulnerabilities, Zero Trust security may be the right answer.
A 19-year-old "security specialist" has found a vulnerability in third party software used by certain Tesla vehicles, which allows the remote control of certain functions such as the engine and the security system.
A zero-day remote code execution vulnerability in Microsoft Office has come to light, and is considered very serious due to potential for code execution if a victim opens a malicious document in Word.
