People have always been susceptible to a deal that is too good to be true. In the 1800s, American con man George C. Parker was best known for his repeated successes in "selling the Brooklyn Bridge” to the unwary. Then, in the 1900s it became popular to sell "valuable" Florida real estate that turned out to be swampland.

“Aren’t you a little short for a Stormtrooper?” In this iconic Star Wars moment, Princess Leia lazily responds to Luke Skywalker, disguised as one of her Stormtrooper captors and using authentication information to open her cell. In other words, Star Wars acts as an analogy for a cross-site request forgery (CSRF) attack. In a CSRF attack, malicious actors use social engineering so that end-users will give them a way to “hide” in their authenticated session.

Cyber supply chain risk management (C-SCRM) is the process of identifying, assessing, and mitigating cybersecurity risks associated with an organization’s supply chain. Supply chains comprise multiple attack vectors, ranging from procurement tools to suppliers, developers, and third-party services. The complexity of this attack surface warrants a risk management strategy focused on supply chain risks as an extension to an existing third-party risk management program.

It’s almost time for KubeCon North America, and we’re excited to share the latest updates in Calico. These updates improve network and runtime security, make it easier to use, and extend Calico’s strong network security and observability for Kubernetes to VMs and hosts that are not part of Kubernetes clusters.

In this two part blog post we will take a deeper look at eBPF and some of its known vulnerabilities. After a quick introduction to eBPF, how it and its ecosystem works, common attacks, we will talk about how automation and fuzzing can help you to harden your eBPF applications.

On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.