This week's articles
Not All SBOMs Are Created Equal
A comprehensive SBOM is a valuable part of any organization's security toolbox. By looking at SCA tools critically and understanding their theory of operation we can generate more complete and accurate SBOMs.
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
The Assetnote team discovered a pre-authentication vulnerability that allowed to make arbitrary HTTP requests, including requests with any HTTP method and request body. In order to exploit this SSRF, they had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.
What's New in Kubernetes Version 1.24
The Kubernetes 1.24 release brings many changes, including Dockershim removal, signing of Kubernetes artifacts with Cosign, and other improvements.