When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]

OpenSSH is widely known for managing secure shell connections (SSH). However, a recently discovered vulnerability in OpenSSH’s server (sshd), known as regreSSHion, has been identified. If a client does not authenticate within the LoginGraceTime (120 seconds by default, 600 seconds in older versions), sshd’s SIGALRM handler is called asynchronously. This signal handler calls functions that […]

AWS announced today, June 17, that there is a potential security issue with archive extraction utilities in DeepJavaLibrary versions 0.1.0 through 0.27.0 that could allow an attacker to tamper with your system. What is DeepJavaLibrary? DJL is a free, open-source library by AWS used for building deep learning models in Java. It provides easy-to-use tools […]

There has been a notable increase in Kubernetes-focused attacks in recent years with the growing adoption of Kubernetes in production environments. According to various reports from cybersecurity firms, Kubernetes vulnerabilities and misconfigurations have become a prime target for attackers, with a significant rise in the number of reported incidents. This highlights the importance of robust […]