Clint Gibler (@clintgibler)

📦 Hardened Container Images: Images for a Secure Supply Chain

Findings:

* Popular Debian-based images have ~300 CVEs

* Updating OS packages reduces CVEs by ~5%
* Debloating by ~64%

* Canonical’s Chiselled > Iron Bank > Red Hat

By Chainguard ⛓️

chainguard.dev/unchained/hard…

howardjohn (@_howardjohn)

Thanks to Chainguard ⛓️ for helping us g̶e̶t̶ ̶r̶i̶d̶ ̶o̶f̶ ̶C̶V̶E̶s̶ get rid of bazel!

github.com/istio/istio/pu…

CVETrends (@CVEShield)

Top 5 Trending CVEs:
1 - CVE-2023-46805
2 - CVE-2024-4367
3 - CVE-2024-3661
4 - CVE-2024-34351
5 - CVE-2024-21111

trends shield
cveshield.com/dashboard

Trickest (@trick3st)

🚨 Updated CVEs Alert! 🚨

Check out the latest hottest CVEs, including CVE-2024-4040, CVE-2024-3400, and more in our PoC repo.

🛠️ Almost every publicly available CVE PoC is here, neatly organized with year-wise splits and valuable references 👇

github.com/trickest/cve

Tech Enthusiast (@CtPrecious)

IDENTIFYING RELEVANT THREAT INTELLIGENCE

Today's practical aspects of my study were fun and evoked a sense of attainment.

Researching about the MITRE CVEs, accessing the MITRE ATT&CK, and investigating potential malware attacks was intriguing.

I will update you guys soon.

Downhound (@downhounder)

Is Palo Alto Networks down?

#PaloAltoNetworks status:

CVEs aren't being updated. More: bit.ly/3JU3Sik

Seeing this? Please retweet. 🙏

@PaloAltoNtwks can you help?

#PaloAltoNetworksDown 😱

Tech Enthusiast (@CtPrecious)

A Comprehensive Review of my Lab analysis on MITRE CVEs, MITRE ATT&CK, and investigation of Potential Malware -

The first thing I did was to carefully read to comprehend the questions before affixing the answers to their rightful position.

Nilesh Mapara (@nileshmapara)

New VPN Risk Report: 56% of Enterprises Attacked via #VPN #Vulnerabilities

Rising VPN Attacks, #CVEs, and Enterprise Concerns

Overall, a staggering 56% of organizations reported cyberattacks that exploited VPN vulnerabilities within the past year!!!

CVETrends (@CVEShield)

Top 5 Trending CVEs:
1 - CVE-2024-20861
2 - CVE-2024-3661
3 - CVE-2024-31848
4 - CVE-2024-33788
5 - CVE-2023-49606

trends shield
cveshield.com/dashboard

Downhound (@downhounder)

Is Palo Alto Networks down?

#PaloAltoNetworks status:

Prisma Cloud Compute - issue with Linux CVEs in Intelligence stream. More: bit.ly/3wevoUO

Seeing this? Please retweet. 🙏

@PaloAltoNtwks can you help?

#PaloAltoNetworksDown 😱

Socket (@SocketSecurity)

CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts. Meanwhile, the NVD backlog has surpassed 10,000. Conflicting CPE strings pose challenges for implementation. socket.dev/blog/cisa-laun…

Paul Asadoorian @paulasadoorian@infosec.exchange (@securityweekly)

Many new F5 vulnerabilities, including 5 discovered by the amazing team I work with at Eclypsium. Only 2 got CVEs assigned. Full write-up and PoCs are here: eclypsium.com/blog/big-vulne…

Erika Heidi (@erikaheidi)

Do you know how many CVEs your container images are carrying around? Choose your base image wisely... The difference is staggering.

Kaspersky (@kaspersky)

Highlights from Our Q1 Vulnerability Report

Exploitation of known vulnerabilities remains among the top attack vectors in enterprises. The importance of the issue steadily rises given that the share of critical vulnerabilities consistently grows, while the share of CVEs with…

Issachar (@its_Issachar)

May your hacking & development experience be filled with prosperous bounties, CVEs, critical vulnerability findings, brilliant exploitation, and detailed reports.

Jerry Gamblin (@JGamblin)

NVD Analysis Slowdown Update:
- 10,195 CVEs published this year have not been analyzed.

- NVD has only analyzed 340 CVEs published since February 15th.

- For the 10,195 unanalyzed CVEs, Analyzing the pre-Feb 15th average just emptying the backlog would take 185 days.
