Expectations do not always line up with reality. If you’ve started using infrastructure as code (IaC) to manage your infrastructure, you’re already on your way to making your cloud provisioning processes more secure. But there’s a second piece to the infrastructure lifecycle — how do you know what resources are not yet managed by IaC in your cloud? And of the managed resources, do they remain the same in the cloud as when you defined them in code?

Recently, CVE-2022-0847 was created detailing a flaw in the Linux kernel that can be exploited allowing any process to modify files regardless of their permission settings or ownership. The vulnerability has been named “Dirty Pipe” by the security community due to its similarity to “Dirty COW”, a privilege escalation vulnerability reported in CVE-2016-5195, and because the flaw exists in the kernel pipeline implementation.

Home improvement retailers like Home Depot and Lowes are interesting places. Inside a typical store, one can find everyone from a guy looking to replace a leaky pipe, a couple shopping for new appliances, or a large contractor picking up hundreds of pieces of sheetrock for a major project. Trustwave's Security Colony is the cybersecurity version of a home improvement store. Security Colony is essentially a self-help site.

Alert overload is practically a given for security teams today. Analysts are inundated with new detections and events to triage, all spread across a growing set of disparate, disconnected security tools. In fact, they’ve burgeoned to such an extent that the average enterprise now has 45 cybersecurity-related tools deployed across its environment.

There has been a lot of talk about cyber weapons and the cyber dimension of global politics after the NotPetya and WannaCry attacks of 2017 and the Stuxnet worm, first discovered in 2010, when it was used to attack the control mechanisms of Iran’s uranium enriching centrifuges.

Right on the heels of CVE-2022-4092, another local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” by the discoverer. MITRE has designated this as CVE-2022-0847. Similar to the “Dirty COW” exploit (CVE-2016-5195), this flaw abuses how the Kernel manages pages in pipes and impacts the latest versions of Linux.

The Russian invasion of Ukraine has triggered an escalation in the number of state-sponsored actors targeting critical infrastructure with DDoS attacks. Criminal syndicates and smaller players are also exploiting the crisis. From fake fundraising efforts for Ukraine to account takeovers and high-velocity bot-driven attacks such as DDoS, BIN attacks, and terminal attacks, cybercriminals are stepping up their own attacks in an effort to benefit from the turmoil.

A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe which was designated as CVE-2022-0847. This vulnerability affects the Linux kernel and if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media follow-up, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.

The Federal Risk and Authorization Management Program (FedRAMP) has been in place for just over a decade (2011). Its purpose is to provide a “cost-effective, risk-based approach for the adoption and use of cloud services” by the federal government. This is to equip and enable federal agencies to utilize cloud technologies in a way that minimizes risk exposure through security and protection of federal information and processes.

California Consumer Privacy Act is a data privacy regulation established in the US. Achieving and maintaining compliance with the regulation can be overwhelming for organizations. But with the right understanding of the CCPA Compliance regulation and adhering to the compliance requirements, achieving compliance can be easy. So, explaining the regulation in detail we have shared an informative checklist that organizations can refer to as steps to achieve CCPA compliance.