A high-risk vulnerability that could allow attackers to steal sensitive information secrets from software projects was found and fixed in Argo CD, a widely used continuous delivery platform for applications deployed via Kubernetes.
According to researchers from cloud application security Apiiro, who found and reported the vulnerability, attackers could feed a maliciously crafted Kubernetes application deployment configuration file to Argo that can expose files, environment settings and secret tokens from the central repository server. This could potentially lead to privilege escalation and further lateral movement into the organization’s cloud infrastructure.
To read this article in full, please click here
More Stories
Deepfake Defense: Your 8-Step Shield Against Digital Deceit
A disturbing story out of western Spain spotlights challenges of technological evolution. Unwitting children and teenagers were victims of users...
Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code
Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with...
Safer AI: Four Questions Shaping Our Digital Future
Depending on the day’s most popular headlines, AI is either a panacea or the ultimate harbinger of doom. We could...
UK and US expose Russian hacking plot intended to influence UK’s 2019 elections and spread disinformation
Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine,...
New Bluetooth Attack
New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade....
ICO Warns of Fines for “Nefarious” AI Use
UK privacy regulator, the information commissioner, says illegal use of AI will be punished with fines Read More