On November 1st, Dropbox disclosed a security breach where the attackers stole over 130 code repositories after gaining access to one of the employee’s GitHub accounts using the stolen credentials of that employee via a well-designed phishing attack.

What is different about cloud log management versus on-premises? The answer may seem simple, but several elements such as CloudTrail vs. CloudWatch come into play. In this article, we will cover some of the most important differences, and then dig deeper into a specific example of AWS CloudTrail vs. CloudWatch.

The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on October 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7 which was released November 1. OpenSSL 1.X versions are unaffected by the vulnerabilities.

This is a work-in-progress blog post. It will be updated when more information is available. For more detailed information about the vulnerability, see the How the Critical OpenSSL Vulnerability may affect Popular Container Images blog post. A critical vulnerability with an expected high or critical severity rate of CVSS score is about to be announced on November 1st on the OpenSSL project. There are still no details besides an announcement on the OpenSSL mailing list on October 25th.

The big news this week is that a new CRITICAL OpenSSL vulnerability will be announced on November 1st, 2022. Critical-severity OpenSSL vulnerabilities don’t come along every day – the last was CVE-2016-6309, which ended up only affecting a single version of the software. The more famous vulnerability, known as Heartbleed, came out in 2014. Will this be more like Heartbleed or the vulnerability in 2016? We will soon find out.

The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration and deployment (CI/CD) service providers; including GitHub, Heroku, Buddy.works, and others to build, run, scale, and operate their massive cloud operation. Because no one has yet reported on this activity and its techniques, we are going to refer to this cluster of activity as PURPLEURCHIN.

A new critical vulnerability CVE-2022-42889 a.k.a Text4shell, similar to the old Spring4shell and log4shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated as a critical 9.8 severity and it is always a remote code execution (RCE) which would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Scanning a container image for vulnerabilities or misconfigurations on your GitLab CI/CD using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner with GitLab CI/CD. Although possible, this procedure is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.