Widely used #Trivy #scanner compromised in ongoing supply-chain #attack
#Hackers have compromised virtually all versions of #AquaSecurity ’s widely used Trivy #vulnerability scanner in an ongoing #supplychain attack that could have wide-ranging consequences for #developers and the organizations that use them.
Trivy maintainer Itay Shakury confirmed the compromise on Friday,
#security #privacy
IBM announced IBM® LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments.
"🔒 Redis Threat Alert: HeadCrab 2.0 Unleashed 🔒"
The latest analysis by Aqua Security unveils HeadCrab 2.0, targeting Redis servers with advanced evasion techniques. HeadCrab 2.0 is an evolved malware targeting Redis servers, significantly more sophisticated than its predecessor. This malware employs a fileless loader mechanism to evade detection, making it harder to spot by hiding its presence on the system. It also uses standard Redis commands for malicious activities, further concealing its operations. Aqua Security researchers have identified a method to detect this malware by scanning for abnormal responses from the infected servers. This discovery can be crucial for cybersecurity efforts and detection. Stay secure! 🛡️
Tags: #CyberSecurity #Redis #Malware #HeadCrab2.0 #InfoSec #AquaSecurity
For an in-depth look, check out Aqua Security's blog.
kube-hunter by Aqua Security is a vulnerability detection tool that significantly enhances the security of Kubernetes clusters.
It offers a variety of scanning options, including remote, stride, and network scanning, for thorough vulnerability detection.
https://github.com/aquasecurity/kube-hunter
#KubeHunter #AquaSecurity #Kubernetes #CyberSecurity #VulnerabilityDetection #TechSecurity #InfoSec
K8 misconfig exposes Fortune 500s’ data
The Reluctant Sysadmin’s Guide to Securing a Linux Server
John maddog Hall’s take on RHELs license changes
A podcast recommendation
K8 misconfig exposes Fortune 500s’ data
Professionally, I work in the security space, and because of that, I’m always interested in hearing about security issues, risks, attacks, or anything really going on in that space. So right now my Infosec exchange feed is full of people traveling to Vegas, of course and a lot of activities directed towards finding and reporting on security issues. One of the most forward companies in the K8 security space is Aqua Security.
The Reluctant Sysadmin’s Guide to Securing a Linux Server
Since we’re talking about security already, why not cover the basics in case you’re someone using a Linux server or workstation somewhere in your network. I am a huge fan of revisiting basics over and over again, just to make sure everyone is getting the same message, consistently and frequently. It deepens and freshens knowledge of any topic. Some call it wax on, wax off or sharpening the saw.
I recently came across The Reluctant Sysadmin’s Guide to Securing a Linux Server and I think it has some great information and is very useful.
John maddog Hall’s take on RHELs license changes
Lots and lots has been written about Red Hat’s changes in releasing source code for RHEL and I talked about it in the last show or two. As with everything, people are calming down after a frenzy of discussion and disagreements and the waters are calming a little bit. The distros competing with RHEL have made their business decisions and are moving on with their lives. An assessment by John maddog Hall is worth noting in this discussion
#podcast #k8 #kubernetes #aquasecurity #redhat #rhel #security #linux
コンテナの歴史を振り返る ~1970から現在まで~ #AquaSecurity #Kubernetes #Container #Security
PrivacyDigest
Hacker News
🛡 
Valdemar
Sascha Siekmann 
けーざい
Anders Eknert
heise online (inoffiziell)