USN-5311-1: containerd vulnerability

It was discovered that containerd allows attackers to gain access to read-
only copies of arbitrary files and directories on the host via a specially-
crafted image configuration. An attacker could possibly use this issue to
obtain sensitive information.

usbguard-1.1.0-1.fc37

FEDORA-2022-1869fe2aec

Packages in this update:

usbguard-1.1.0-1.fc37

Update description:

Automatic update for usbguard-1.1.0-1.fc37.

Changelog

* Thu Mar 3 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.0-1
- rebase to 1.1.0
  Resolves: rhbz#2058450
- fixed CVE-2019-25058 usbguard: Fix unauthorized access via D-Bus
  Resolves: rhbz#2058466

Smashing Security podcast #264: Hacked car chargers, Telegram sextortionists, and secret bossware

Why might Russian EV chargers be displaying an anti-Putin message? Why are Telegram groups sharing explicit images of women without their consent? And who is watching you in the workplace?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

USN-5300-2: PHP vulnerabilities

USN-5300-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

CNAPP: What Is It and Why Is It Important for Security Leaders?

A Cloud-Native Application Protection Platform (CNAPP) offers four key benefits to reduce risk and improve visibility. Here’s what you need to know.

The cloud security market is developing and expanding rapidly, resulting in an increased demand for security tools that can help organizations secure their cloud infrastructure and applications. Cloud security tools can help infosec and DevOps pros boost productivity and identify software vulnerabilities, allowing organizations to remain agile in development while strengthening security throughout the software lifecycle process.

However, maintaining a large inventory of security tools introduces its own set of challenges, with “tool sprawl” adding complexity. According to CSO Online, the average enterprise uses 75 security tools to secure its network. As any security leader will likely tell you, the more tools used, the more challenges arise.

Having a plethora of security tools to manage can introduce new risks, as a hacker could exploit a vulnerability in a tool that has been left unpatched. Having too many security tools can also reduce threat response time by making it more challenging for response teams to gather the necessary data and wade through all manner of alerts before they can understand an attack and take appropriate action to remediate it. In short, tool sprawl is time consuming and costly.

How a Cloud-Native Application Protection Platform can help

According to the Gartner® report “Innovation Insight for Cloud Native Application Protection Platforms,” “CNAPPs are an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.”

A CNAPP can be used to consolidate security tools while providing increased visibility into enterprise workloads and offering improved control over security and compliance risks in cloud environments.

The four key benefits of a CNAPP

A CNAPP provides end-to-end cloud native application protection. With a CNAPP, security teams can identify and remediate the most critical security risks while maintaining a holistic approach to address vulnerabilities in cloud environments. There are four key benefits that come with implementing a CNAPP:

Increased visibility. A CNAPP provides security teams with visibility and insights they can use to assess and prioritize the risks their cloud applications have been exposed to. Additionally, with improved visibility, security teams can strengthen their organization’s security posture.

Improved compatibility. Point security tools that are focused on remediating a specific issue or application often have limited compatibility with other tools. By contrast, compatibility is one of the great benefits of a CNAPP, as it is cloud-native and can be applied to any workload. With a CNAPP, improved compatibility enables better functionality of cloud workloads.

Earlier detection. A CNAPP can scan and fix issues much earlier in the pipeline than many point security tools. Since a CNAPP provides improved visibility into cloud workloads, security teams can identify misconfigurations or compliance issues before production. This means teams can quickly identify and prioritize the biggest security risks and take action to resolve the issues before they cause significant disruption.

Extensive automation. A CNAPP is integrated into continuous integration/continuous development (CI/CD) pipelines, where it automatically and continuously scans development and production environments for vulnerabilities and threats throughout the entire lifecycle process. With a CNAPP, risk detection and compliance are automated, giving security teams a reduced workload so they can focus on expanding their cloud infrastructure while strengthening security simultaneously.

3 key components and capabilities to look for in a CNAPP

A CNAPP is typically a combination of three main components: Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), and Cloud Workload Protection Platforms (CWPP).

Cloud Security Posture Management (CSPM). CSPM enables enterprises to proactively identify and eliminate any issues, such as misconfigurations and other vulnerabilities, by continuously monitoring security risks across the entire lifecycle. It works to provide unified visibility into cloud workloads to prevent cybercriminals from committing attacks. CSPM continuously scans and assesses cloud environments, surfacing potential threats, ensuring adherence to compliance policies and reducing drift. If drift does occur, it can be remediated automatically. With CSPM, security teams can be proactive instead of reactive, allowing them to put the proper processes in place to ensure infrastructure is secure and resilient throughout the entire lifecycle.

Cloud Infrastructure Entitlement Management (CIEM). CIEM helps teams discover all the identities in the cloud infrastructure, providing visibility into how many users, accounts or services exist across cloud providers. It enables teams to understand the privileges being used (and not being used) by the various identities, which reduces risks and prevents identity sprawl. With CIEM, teams can effectively monitor all cloud identities and their entitlements and maintain least privilege. This allows security teams to protect identities against excessive permissions and quickly respond to any threats from permissions that are abused. As a result, by maintaining least privilege, enterprises can significantly reduce the risk of internal and external breaches.

Cloud Workload Protection Platform (CWPP). CWPP protects cloud workloads against cyberattacks across multiple cloud environments. It provides full visibility into cloud workloads, enabling teams to detect and scan vulnerabilities and respond faster to any active threats. With CWPP, security is automated and allows teams to continue development without slowing down the speed of delivery. In other words, CWPP supports continuous integration and continuous delivery of workflows. CWPP provides protection for all cloud workloads, including physical servers, virtual machines (VMs), containers, and serverless workloads.

Source: Gartner, “Innovation Insight for Cloud Native Application Protection Platforms”, Neil MacDonald, Charlie Winckless, August 25, 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Learn More About Tenable.cs, Tenable’s Cloud-Native Application Protection Platform

At Tenable, we recognize the value of embracing a CNAPP as a way for organizations to innovate in the cloud with confidence. It incorporates all the security solutions that future cloud workloads need. With Tenable.cs, we deliver an integrated, end-to-end solution to help organizations protect their cloud environments. It provides a complete picture of cyber risks across the modern attack surface, with unified visibility into code, configurations, assets and workloads. Learn more about Tenable.cs and how our platform delivers full lifecycle cloud-native security, enabling organizations to remain agile while reducing risks, focused on IaC.

Learn More

Read the blog: Tenable Launches Suite of New Product Features to Deliver Full Lifecycle Cloud Native Security
Download the whitepaper: Using Auto Remediation to Achieve DevSecOps
Read the blog: What is IaC? Why Does It Matter to the CISO?
