Once upon a time, we tried to code policy positions into our programs. It didn’t — it really didn’t — work well. Then in 2016, some developers at a company they called Styra came up with Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments.
Source: Styra Extends Open Policy Agent Security to Public Clouds
Fastly is one of the major CDN vendors globally. As a regular consumer you wouldn’t be aware of their service, until a failure hits. Today the service faced a configuration issue, that apparently hit global pages like NYTimes and Bloomberg, but also Amazon, Reddit and Twitter, as reported in multiple sources. The issue is reported resolved by the vendor as of this writing. Details on their status page:
Fastly’s Status Page – Global CDN Disruption.
VMWare’s vCenter Server is vulnerable to a remote code execution (RCE) vulnerability. That means, an attacker would be able to execute code on any machine with that software reachable from the internet. Executing arbitrary code would also allow malware to replicate, AKA worm. The vulnerability is tracked as CVE-2021-21985.
Code execution flaw in vCenter is exploited to install web shell on unpatched machines.
From the article
Source: This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
Are you using Azure? A newly published Hyper-V bug could possibly crash ‘big portions of Azure cloud infrastructure’.
Security researchers have posted proof of concept code that exploits a recently patched vulnerability in Microsoft’s Hyper-V hypervisor. The bug enables code in the guest to crash the host, and in some circumstances compromise the host’s security.
The Register
Source: Hyper-V bug that could crash ‘big portions of Azure cloud infrastructure’: Code published
You may be worried now.
As advertised by Apple. The company introduced a feature called “App tracking transparency”, that defaults to “do not allow tracking” as of version 14.5, that was released earlier this year. The feature allows device-owners to control which apps can track user behaviour across multiple websites.
Reality is more complex, as always, but it’s still a great ad.
From the “Daily Dystopia Department”: Protect your images from abuse by KI. Headlines that’d be absolutely unthinkable only a decade ago don’t seem to be shocking in the year of the pandemic, 2021.
FossID is a software composition analysis tool that scans code for open source licenses and vulnerabilities. It is the third acquisition by Snyk in the past 6 months.
FossID, a software composition analysis tool that scans code for open source licenses and vulnerabilities
Source: Snyk Acquires FossID to Accelerate Worldwide Developer-First Security Adoption | Snyk
Signal, the company offering secure and private messaging, tried to advertise on Facebook. Naturally, the company tried to drive their value in privacy. They chose to point out the implications Facebook’s businesmodel has for these values.
Apparently Facebook didn’t like the ads.
Source: Signal >> Blog >> The Instagram ads Facebook won’t show you
Hakan Tanriverdi, Datenjournalist und Reporter für Cyber- und IT-Sicherheit beim Bayerischen Rundfunk, hat zusammen mit Florian Flade einen Podcast über CyberSpionage gemacht. Die beiden zeigen dabei auf, wie selbstverständlich Spionage auf diesem Niveau mittlerweile für Regierungen geworden ist.
Das Abo mit Apple Podcasts gibt es direkt hier.