Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Confidential cluster: Running Red Hat OpenShift clusters on confidential nodes

This is the first of a series of articles in which we will share how confidential computing (a set of hardware and software technologies designed to protect data in use) can be integrated into the Red Hat OpenShift cluster. Our goal is to enhance data security, so all data processed by workloads running on OpenShift can remain confidential at every stage.In this article, we will focus on the public cloud and examine how confidential computing with OpenShift can effectively address the trust issues associated with cloud environments. Confidential computing removes some of the barriers that high

Red Hat Blog
Open in Source
#ios#mac#red_hat#git#kubernetes#intel#amd#auth#ssl
Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

The Ultimate Guide to Designing a Logo Online: Tools, Tips, and Tricks

A logo is more than just a visual element—it’s the cornerstone of your brand identity. It communicates your…

'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials

SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data.

GHSA-h924-8g65-j9wg: Traefik's X-Forwarded-Prefix Header still allows for Open Redirect

### Impact There is a vulnerability in Traefik that allows the client to provide the `X-Forwarded-Prefix` header from an untrusted source. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary The previously reported open redirect ([GHSA-6qq8-5wq3-86rp](https://github.com/traefik/traefik/security/advisories/GHSA-6qq8-5wq3-86rp)) is not fixed correctly. The safePrefix function can be tricked to return an absolute URL. ### Details The Traefik API [dashboard component](https://github.com/traefik/traefik/blob/master/pkg/api/dashboard/dashboard.go) tries to validate that the value of the header X-Forwarded-Prefix is a site relative path: ```go http.Redirect(resp, req,...

Incident Response Playbooks: Are You Prepared?

The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.