Unmasking the top exploited vulnerabilities of 2022

Unmasking the top exploited vulnerabilities of 2022
Unmasking the top exploited vulnerabilities of 2022

The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. With our role as a reverse proxy to a large portion of the Internet, Cloudflare is in a unique position to observe how the Common Vulnerabilities and Exposures (CVEs) mentioned by CISA are being exploited on the Internet.

We wanted to share a bit of what we’ve learned.

Based on our analysis, two CVEs mentioned in the CISA report are responsible for the vast majority of attack traffic seen in the wild: Log4J and Atlassian Confluence Code Injection. Although CISA/CSA discuss a larger number of vulnerabilities in the same report, our data clearly suggests a major difference in exploit volume between the top two and the rest of the list.

The top CVEs for 2022

Looking at the volume of requests detected by WAF Managed Rules that were created for the specific CVEs listed in the CISA report, we rank the vulnerabilities in order of prevalence:

Popularity rank

Description

CVEs

1. Improper Input Validation caused Remote Code execution in Apache Log4j logging library

Log4J

CVE-2021-44228

2. Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability

Atlassian Confluence Code Injection

CVE-2022-26134

Continue reading

Chip makers team up to take on Arm with RISC-V

Five companies that manufacture semiconductors for smartphones, automobiles and more have announced that they will form a company designed to advance the open source RISC-V architecture, in a move widely seen as being designed to reduce their dependence on licensed technology from Arm.The companies — Qualcomm, Robert Bosch, Infineon Technologies, NXP Semiconductors and Nordic Semiconductors — have yet to name this joint venture, but said in a statement issued Friday that the company will be registered in Germany, and that its focus will be on providing reference architectures and establishing industry solutions. The initial focus, according to the statement, will be on the automotive industry, but plans are in place to expand into mobile and IoT use cases.To read this article in full, please click here

Hedge 189: Data Center Careers with Carrie Goetz

When network engineers think of a data center, we think of fabrics and routers and switches. There is a lot more to a data center, though—there is power, building construction, environmentals, and a lot of others. What possible jobs are out there in the data center space for people who want to work in IT, but don’t either want to code or build networks? Carrie Goetz, author of Jumpstart Your Career in Data Centers joins Tom Ammon and Russ White to tell us about a few, and about the importance of other careers in the data center.

download

In case you didn’t see it I’m uploading the rough “machine generated” transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.

Heavy Networking 693: Securing Workforce Transformation With Cloud SWG (Sponsored)

On today's sponsored Heavy Networking we dig into cloud-delivered Secure Web Gateways (SWGs), which help guard end users against Web-based threats and enforce corporate Web access policies. As employees split time between home, office, and who knows where else, and as more applications move online, cloud-based SWGs help connect and protect workers. Our sponsor is Palo Alto Networks.

Heavy Networking 693: Securing Workforce Transformation With Cloud SWG (Sponsored)

On today's sponsored Heavy Networking we dig into cloud-delivered Secure Web Gateways (SWGs), which help guard end users against Web-based threats and enforce corporate Web access policies. As employees split time between home, office, and who knows where else, and as more applications move online, cloud-based SWGs help connect and protect workers. Our sponsor is Palo Alto Networks.

The post Heavy Networking 693: Securing Workforce Transformation With Cloud SWG (Sponsored) appeared first on Packet Pushers.

DNSOP at IETF117

After the flurry of work in various aspects of DNS privacy, the IETF’s agenda for DNS has shifted towards more maintenance and update. This does not mean that the volume of work has abated in any way, but it has dropped the more focussed stance of previous meetings to a broader diversity of topics in operating DNS infrastructure.

IEPG at IETF117

The IEPG meets for a couple of hours before each IETF meeting. It's a somewhat eclectic collection of presentations, with some vague common thread of relevance to Internet operations. Here's a summary of my impression from these IEPG session presentations for IETF 117.

Gen-AI HPC infrastructure provider CoreWeave scores $2.3 billion financing deal

CoreWeave, a specialist cloud provider offering high performance computing services to meet growing corporate demand for generative AI workloads, announced Thursday that it has received a $2.3 billion debt financing package from several asset management firms.The key to CoreWeave’s focus on the AI market is in its hardware. The company sells primarily GPU-based virtual machines, which are particularly well-suited for AI workloads. According to Gartner vice president and analyst Arun Chandrasekaran, CoreWeave’s advertised low cost is a function of its ties to Nvidia, with which, CoreWeave has said, it has a preferred supplier arrangement, enabling it to pass on savings.To read this article in full, please click here

Gen-AI HPC infrastructure provider CoreWeave scores $2.3 billion financing deal

CoreWeave, a specialist cloud provider offering high performance computing services to meet growing corporate demand for generative AI workloads, announced Thursday that it has received a $2.3 billion debt financing package from several asset management firms.The key to CoreWeave’s focus on the AI market is in its hardware. The company sells primarily GPU-based virtual machines, which are particularly well-suited for AI workloads. According to Gartner vice president and analyst Arun Chandrasekaran, CoreWeave’s advertised low cost is a function of its ties to Nvidia, with which, CoreWeave has said, it has a preferred supplier arrangement, enabling it to pass on savings.To read this article in full, please click here

Fortinet bolsters SD-WAN services, security with new software, next-generation firewalls

Fortinet has added new features to its SD-WAN software and a next-generation firewall series that promise to help customers better monitor and protect distributed enterprise resources.On the SD-WAN front, Fortinet is introducing two services – a network underlay and overlay option to let customers better manage WAN traffic to remote sites. The Underlay Performance Monitoring Service for SD-WAN utilizes the vendor’s core central management system FortiManager and FortiGuard’s database of hundreds of popular SaaS and cloud implementations, to offer visibility into the performance of the underlay network.  The underlay network is typically made up if the physical network infrastructure supporting traffic between distributed cloud or remote office resources.To read this article in full, please click here

Fortinet bolsters SD-WAN services, security with new software, next-generation firewalls

Fortinet has added new features to its SD-WAN software and a next-generation firewall series that promise to help customers better monitor and protect distributed enterprise resources.On the SD-WAN front, Fortinet is introducing two services – a network underlay and overlay option to let customers better manage WAN traffic to remote sites. The Underlay Performance Monitoring Service for SD-WAN utilizes the vendor’s core central management system FortiManager and FortiGuard’s database of hundreds of popular SaaS and cloud implementations, to offer visibility into the performance of the underlay network.  The underlay network is typically made up if the physical network infrastructure supporting traffic between distributed cloud or remote office resources.To read this article in full, please click here

Using Web Application Firewall at container-level for network-based threats

The microservices architecture provides developers and DevOps engineers significant agility that helps them move at the pace of the business. Breaking monolithic applications into smaller components accelerates development, streamlines scaling, and improves fault isolation. However, it also introduces certain security complexities since microservices frequently engage in inter-service communications, primarily through HTTP-based APIs, thus broadening the application’s attack surface. This scenario is similar to breaking a chunk of ice into smaller pieces, increasing its surface area. It is crucial that enterprises address these security challenges before benefiting from adopting a microservice architecture.

Challenges implementing defense-in-depth for containers with perimeter-based Web Application Firewall

Kubernetes is the de-facto standard for microservices orchestration. However, as organizations increasingly adopt Kubernetes, they run the risk of inadvertently introducing security gaps. This is often the result of attempts to integrate traditional security tooling into a cloud-native ecosystem that is highly dynamic, ephemeral, and non-deterministic. Instead of implementing security around the platform, DevOps, security, and platform teams must look at enforcing defenses through the platform.

Let’s look at an example of a web application firewall (WAF) which is typically deployed at the ingress of a network or application. As shown in the diagram below, HTTP traffic is Continue reading

Integrate Cloudflare Zero Trust with Datadog Cloud SIEM

Integrate Cloudflare Zero Trust with Datadog Cloud SIEM
Integrate Cloudflare Zero Trust with Datadog Cloud SIEM

Cloudflare's Zero Trust platform helps organizations map and adopt a strong security posture. This ranges from Zero Trust Network Access, a Secure Web Gateway to help filter traffic, to Cloud Access Security Broker and Data Loss Prevention to protect data in transit and in the cloud. Customers use Cloudflare to verify, isolate, and inspect all devices managed by IT. Our composable, in-line solutions offer a simplified approach to security and a comprehensive set of logs.

We’ve heard from many of our customers that they aggregate these logs into Datadog’s Cloud SIEM product. Datadog Cloud SIEM provides threat detection, investigation, and automated response for dynamic, cloud-scale environments. Cloud SIEM analyzes operational and security logs in real time – regardless of volume – while utilizing out-of-the-box integrations and rules to detect threats and investigate them. It also automates response and remediation through out-of-the-box workflow blueprints. Developers, security, and operations teams can also leverage detailed observability data and efficiently collaborate to accelerate security investigations in a single, unified platform. We previously had an out-of-the-box dashboard for Cloudflare CDN available on Datadog. These help our customers gain valuable insights into product usage and performance metrics for response times, HTTP status codes, cache hit rate. Continue reading

Ansible data manipulation with a Filter

This year at Summit, an attendee posed a question about how to work with setting facts and changing data in Ansible. Many times we’ve come across people using task after task to manipulate data, to turn items into lists, filter our options, trying to do heavy data manipulation and to turn data from one source into another. Trying to make these programmatic changes using a mixture of YAML and Jinja inside of roles and playbooks is a headache of its own. While many of these options will work, they aren’t very efficient or easy to implement. Ansible Playbooks were never meant for programming.

One solution that is usually overlooked is to do the manipulation in Python inside of a module or a filter. This article will detail how to create a filter to manipulate data. In addition, a repository for all code referenced in this article has been created.

This example was first developed as a module. However after review, it was determined that these data transformations are best done as filters. Filters can take multiple data inputs, do the programmatic operations, and then can be used in line where they are used as input or set as a fact. Continue reading

Ansible data manipulation with a Filter

Background:

This year at Summit, an attendee posed a question about how to work with setting facts and changing data in Ansible. Many times we’ve come across people using task after task to manipulate data, to turn items into lists, filter our options, trying to do heavy data manipulation and to turn data from one source into another. Trying to make these programmatic changes using a mixture of YAML and Jinja inside of roles and playbooks is a headache of its own. While many of these options will work, they aren’t very efficient or easy to implement. Ansible Playbooks were never meant for programming.

One solution that is usually overlooked is to do the manipulation in Python inside of a module or a filter. This article will detail how to create a filter to manipulate data. In addition, a repository for all code referenced in this article has been created. 

This example was first developed as a module. However after review, it was determined that these data transformations are best done as filters. Filters can take multiple data inputs, do the programmatic operations, and then can be used in line where they are used as input or set as Continue reading

1 281 282 283 284 285 3,870