Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates … Continue reading Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Kubernetes attacks in 2023: What it means for the future

In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy Mesta, CTO at KSOC, explores what it would take to protect against Kubernete… Continue reading Kubernetes attacks in 2023: What it means for the future

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

What AppSec and developers working in cloud-native environments need to know

All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, mak… Continue reading What AppSec and developers working in cloud-native environments need to know

Scarleteel Threat Targets AWS Fargate, Launches DDoS and Cryptojacking Campaigns

The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat. Continue reading Scarleteel Threat Targets AWS Fargate, Launches DDoS and Cryptojacking Campaigns

How to add the Docker Scout feature to the Docker CLI

In this TechRepublic How to Make Tech Work tutorial, Jack Wallen shows you how to add the Docker Scout feature to the Docker CLI.
The post How to add the Docker Scout feature to the Docker CLI appeared first on TechRepublic.
Continue reading How to add the Docker Scout feature to the Docker CLI