InfoQ Homepage Security Vulnerabilities Content on InfoQ
-
Log4Shell Defenses: Java Agents in Conversation with Contrast Security’s Arshan Dabirsiaghi
Due to the critical nature of the systems and to the severe and critical nature of the log4shell vulnerability, an alternative approach to fixing it was required. Java Agents played a crucial role in this defense strategy. InfoQ reached out to Arshan Dabirsianghi, chief scientist and founder of Contrast Security, for a better understanding of their approach.
-
Twelve-Year Old Linux Distros Vulnerability PwnKit Enables Local Privilege Escalation
A recently disclosed vulnerability affecting the PolKit component has been present on several Linux distributions for over 12 years. The vulnerability is easily exploited, says Bharat Jogi, director of the Qualys research team, who discovered it, and allows any unprivileged user to gain full root privileges on a vulnerable host.
-
Cloudflare Report Highlights Staggering Increase in DDoS Attacks in Q4 2021
In keeping with its custom of releasing a quarterly trends report on DDoS attacks, Cloudflare has just published its new findings for Q4 2021, which show a 95% increase in L3/4 DDoS attacks and record-breaking levels of Ransom DDoS attacks.
-
AWS Re-Launches Amazon Inspector with New Architecture and Features
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. It was first launched in 2015, and during the recent re:Invent 2021, AWS re-launched it with brand new architecture and a host of new features such as container-based workloads, integration with Amazon Event Bridge, and Security Hub.
-
Google's Network-Based Threat Detection Service Cloud IDS is Now Generally Available
Recently, Google announced the general availability of its Cloud IDS for network-based threat detection. This core network security offering helps detect network-based threats and helps organizations meet compliance standards that call for an intrusion detection system.
-
Vulnerability Affecting Multiple Log4j Versions Permits RCE Exploit
On December 9th, it was made public on Twitter that a zero-day exploit had been discovered in log4j, a popular Java logging library. All the library’s versions between 2.0 and 2.14.1 included are affected. Log4j 2.15.0 has been released, which no longer has this vulnerability. As the POC published on GitHub points out, when log4j logs an attacker-controlled string value it can result in an RCE.
-
New Side-Channel Vulnerability in the Linux Kernel Enabling DNS Cache Poisoning
A recent research paper by a team at University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernels that can be exploited to attack DNS servers.
-
Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates
Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.
-
Dynamic Process Isolation Helps Cloud System to Defend Against Spectre
Dynamic process isolation, a technique developed at Cloudflare to safeguard their systems from Spectre-like attacks, provides effective protection and fully mitigates Spectre attacks between multiple tenants, a Cloudflare-Graz University joint research has recently shown.
-
Facebook Mariana Trench Helps Developers to Find Vulnerabilities in Android and Java Apps
Recently open-sourced by Facebook, Mariana Trench (MT) aims to help developers identify and prevent security and privacy bugs in Android and Java applications.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
Is CVE the Solution for Cloud Vulnerabilities?
At the recent Black Hat USA 2021, security experts from cloud infrastructure company Wiz argued that a CVE database for cloud vulnerabilities is needed, starting a debate in the cloud and cybersecurity communities.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed to detect malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.
-
Infrastructure Vulnerability Scanner Checkov Adds Context Aware Assessments
Bridgecrew has announced the first 2.x version of Checkov. Checkov is an open-source scanner for infrastructure as code (IaC). The 2.0 release includes a re-architected backend that is now graph-based allowing for better processing of multi-resource queries. There has also been an increase in coverage with the addition of nearly 250 new policies.