IT News

A site devoted to IT news.

SoftNAS Cloud 0day found: Upgrade ASAP

https://www.itworld.com/article/3375199/softnas-cloud-0day-found-upgrade-asap.html

SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product's session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. Version 4.2.2 contains the relevant security patch.

"SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authenticated bypass that could be leveraged to gain access to the webadmin interface without valid user credentials," the Digital Defense advisory says. "The vulnerability potentially allows an attacker to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and data."

Typically, a SoftNAS appliance is not deployed internet-facing, mitigating the risk for users. However, an intruder already in an enterprise network would find the SoftNAS appliance a softer target than many end points and rich with backup data to exfiltrate.

"A lot of times when we're in security assessments, we tend to take a very hard look at backup and network-attached storage systems," Mike Cotton, vice president of research and development at Digital Defense, tells CSO. "They house a lot of critical information from hundreds of systems potentially."

Facebook’s blockchain cryptocurrency could mean big money – and kill 'fake news'

https://www.itworld.com/article/3373506/facebooks-blockchain-cryptocurrency-could-mean-big-money-and-kill-fake-news.html

Facebook is developing its own cryptocurrency for payments, according to at least two reports, a move that has the potential to make the social network billions of dollars while also helping to eliminate fake news and bots.

Although the social media giant has not publicly commented on reports from Bloomberg and The New York Times, it did acknowledge it's exploring the distributed ledger technology (DLT).

"Like many other companies Facebook is exploring ways to leverage the power of blockchain technology. This new small team is exploring many different applications. We don't have anything further to share," Facebook said in a response to a Computerworld request for comment.

While details are few, the reports based on unnamed sources claim a cryptocurrency would allow users of Facebook's WhatsApp messaging platform to send money to contacts, similar to how Venmo or PayPal allow cross-border payments; the difference is that there would be no middleman (i.e., a central bank or clearing firm).

According to the Times' article, Facebook has already spoken with cryptocurrency exchanges about selling its crypto coin to consumers; others believe the social media firm would not tie payments to a strict "cryptocurrency," opting instead to use a stable coin backed by U.S. dollars and other fiat currencies.

New Google project offers Kubernetes building blocks for CI/CD

https://www.itworld.com/article/3373650/new-google-project-offers-kubernetes-building-blocks-for-cicd.html

Cloud-native technologies such as Kubernetes promise to be a hedge against cloud lock-in. A new open-source project, Tekton, offers a Kubernetes-native framework for quickly building CI/CD systems that run anywhere Kubernetes runs. Plus, Tekton will work with existing CI/CD servers such as Jenkins. 

The Google-led project, which has had contributions from other companies, features a shared set of building blocks for creating cloud-native CI/CD pipelines. With Tekton, developers can build and deploy software across multiple clouds or on-premises systems. Key capabilities of Tekton include:

  • Tekton Pipelines that run on the Kubernetes container orchestration platform and leverage containers as building blocks. Through Tekton Pipelines, developers combine containers to make complex pipelines. Kubernetes clusters are a first-class type with Tekton Pipelines.
  • Tools for storing, managing, and securing artifacts.
  • A results store API to provide insights into test and build results.

Tekton is designed to enable developers to deploy immutable images, manage version control of infrastructure, and perform rollbacks. Components are provided to standardize CI/CD tools across languages and deployment environments. These components can work with CI/CD tools including Jenkins, Skaffold, Knative, and Jenkins X, which also leverages Kubernetes and the cloud for CI/CD, providing pipeline automation.

Tekton is also designed to work well with Google Cloud Platform with specific Kubernetes tools. It can be deployed to Google Kubernetes Engine and supports artifact storage and scanning using Google Container Registry. Tekton also can be deployed across environments including VMs, serverless platforms, or Firebase.

Tekton recently was named an initial project hosted by the newly formed Continuous Delivery Foundation, along with projects including Jenkins X, Jenkins, and Spinnaker. The foundation was formed under the umbrella of the Linux Foundation.

You can download Tekton Pipelines from GitHub.

This story, "New Google project offers Kubernetes building blocks for CI/CD" was originally published by InfoWorld.