configuration

Lessons from an Istio Configuration Finding

Feb 7, 2025 by iHash Leave a Comment

As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and … [Read more...] about Lessons from an Istio Configuration Finding

Insecure Default Configuration Exposes Servers to RCE Attacks

Apr 26, 2023 by iHash Leave a Comment

Apr 26, 2023Ravie LakshmananServer Security / Vulnerability The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a … [Read more...] about Insecure Default Configuration Exposes Servers to RCE Attacks

Streamline configuration processes with an official Elastic Stack Terraform provider

Jan 27, 2022 by iHash Leave a Comment

Or, by using an elasticsearch_connection block with the same parameters on a per-resource level. This lets you use the provider to configure multiple Elastic Stack instances in a single configuration file and spin up a fully configured Elastic deployment on Elastic Cloud. The Elastic Stack, as codeThe Elastic Stack Terraform provider allows you to manage crucial Elasticsearch … [Read more...] about Streamline configuration processes with an official Elastic Stack Terraform provider

Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Feb 22, 2025Ravie LakshmananFinancial Crime / Cryptocurrency Cryptocurrency exchange Bybit on Friday revealed that a “sophisticated” attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. “The incident occurred when our ETH multisig cold wallet […]

What to do if your WhatsApp is hacked: a step-by-step guide

Your messaging-app account might be of interest to more than just jealous spouses or nosy coworkers. Stolen WhatsApp accounts fuel large-scale criminal activity — ranging from spam distribution to complex scam schemes. That’s why cybercriminals are constantly on the lookout for WhatsApp accounts — using various methods to hijack them. Here are eight signs your […]

Will AI start taking cybersecurity jobs?

No, but it’s fundamentally changing them. Generative AI (GenAI) is quickly becoming an essential part of everyday security workflows. So … is it a partner or competitor? The wide-ranging implementation of GenAI technologies into virtually every aspect of the security stack has, on the whole, helped security teams work more efficiently to mitigate threats. GenAI […]

Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Feb 19, 2025Ravie LakshmananMobile Security / Cyber Espionage Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ […]

Solving for Exponential Data Growth in Next-Gen SIEM

Do you ever feel overwhelmed by the number of data sources you manage with your SIEM? How do you piece together different pieces of the puzzle like SOAR, threat intelligence, and security tools for endpoint, cloud, or identity? Do you actually know which tools are strengthening your security posture, and which are just adding more […]

Major League Soccer kicks off 30th season this weekend on MLS Season Pass

February 18, 2025 UPDATE Major League Soccer kicks off 30th season this weekend on MLS Season Pass on Apple TV Major League Soccer kicks off its 30th season this Saturday on MLS Season Pass on Apple TV, with all 30 teams taking the pitch for MLS is Back weekend. Fans in more than 100 countries and regions can […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.