In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.
The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.
As a developer, you’re going to be making changes to a codebase. That’s why, as Harold Abelson put it, “Programs must be written for people to read.” If a codebase is not clearly formatted, debugging becomes more difficult than it should be. Though usually overlooked, little changes like reformatting and proper indentation of your code can obviously differentiate a professional developer’s code base from someone just learning.
John Pagliuca, CEO of N-able, has taken issue in the press multiple times with the term digital transformation, preferring the term digital evolution. I agree that evolution is a better term. Digital transformation implies a one-time event; digital evolution acknowledges the ongoing nature of these changes. In short, the market will continue to change. How you adapt dictates whether you come out far ahead or remain with the status quo.
In December 2020, we blogged about security issues in Go’s encoding/xml with critical impact on several Go-based SAML implementations. Coordinating the disclosure around those issues was no small feat; we spent months emailing the Go security team, reviewing code, testing and retesting exploits, coming up with workarounds, implementing a validation library, and finally reaching out to SAML library maintainers and 20 different companies downstream.
