While most of the work in the Istio Product Security Working Group is done behind the scenes, we are listening to the community in setting expectations for security releases. We understand that it is difficult for mesh administrators, operators and vendors to be aware of security bulletins and security releases. We currently disclose vulnerabilities and security releases via numerous channels: istio.io via our Release Announcements and Security Bulletins Discuss announcements channel on Slack...| Istio Blog
Our team hacks space heater firmware updates over wifi in the latest Include Security blog post. We break down, literally and figuratively, each step of the attack to demonstrate how anonymous users on the same wireless network as an affected space heater could overwrite its firmware causing it to behave in unpredictable and potentially dangerous ways!| Include Security Research Blog
Threat Actors like the Typhoon Crews from China, are using simple techniques to penetrate networks. Do not ignore.| SENKI
Do you have a customer whose printer ports are open and vulnerable and can now be used for DDoS? Is your network’s “Internet Print Protocol” (IPP) port open and ready for exploitation? Last week, the Shadowserver Foundation alerted a “large increase in queries on 631/UDP seen in our sensors due to recent CUPS RCEs disclosure. Read More| SENKI
No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public benefit—non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and other organizations deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to Read More| SENKI
If you follow the May 10, 2024, Black Basta “critical action” recommendations, you will most likely be exposed and potentially exploited by the threat actors. Read through the #StopRansomware: Black Basta AA-24-131A and HS-ISAC Black Basta Threat Actor Emerges as a Major Threat to the Healthcare Industry. Then take a step back and mitigate/remediate the Read More| SENKI
While most of the work in the Istio Product Security Working Group is done behind the scenes, we are listening to the community in setting expectations for security releases. We understand that it is difficult for mesh administrators, operators and vendors to be aware of security bulletins and security releases. We currently disclose vulnerabilities and security releases via numerous channels: istio.io via our Release Announcements and Security Bulletins Discuss announcements channel on Slack...| Istio Blog
Discover the main takeaways from our conversation on product security with Jacob Salassi, Director of Product Security at Snowflake.| Escape DAST - Application Security Blog