Procurement management in short is an efficient way to manage spend, using efficient optimization of suppliers, vendors and getting a visibility into spend across many dimensions with the aim to gain maximum savings. Some companies employ the use of a procurement management software to handle their processes, while others still prefer to manage their spend manually. However, in both the methods, what is found lacking is intelligent analytics. Read More
Customer experience today is everything. Today’s consumers not only desire lesser wait time but also full attention, personalized service and automation. As it is for an individual consumer, the same is applicable to corporate customers as well. However, we are seeing banks still working in their traditional one-size-fits-all platform that use retail banking technology even for their partners with little to no bespoke changes. Today’s digital natives and startups are already bringing to life the idea of tomorrow and while all the other processes of business is seeing some or the other form of innovation and disruption, banking is still lagging behind due to hesitant adoption of innovation. To cope up with the changing dynamics of the new-age business, there is demand for smarter banking solutions that can be integrated in these businesses without much hassle and provide a much needed transparency. Read More
Escrow, in short is an arrangement where a neutral third party is responsible for safekeeping the escrow assets such as funds, securities, IP, documents etc. to be released only when certain conditions are fulfilled by the parties entering into contract. Escrows can range from few days to few years depending on the nature of the deal. Banks are one of the primary escrow service providers globally and since they have presence in different geographies, they are preferred over other organizations to be the escrow agents. Read More
This Security Alert addresses CVE-2018-1210001, a vulnerability in specific versions of Kubernetes, the deployment and orchestration platform used in Omni Data Platform and XCRO.
Excerpt: With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. These requests are authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.
This vulnerability puts the entire cluster at risk by allowing the attacker to issue unauthenticated requests via the Kubernetes API layer.
Kubernetes API server
Affected Kubernetes versions and patches:
- Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
- Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
- Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)
Affected CAPIOT products:
- Omni Data Platform v1.x
- XCRO v.4.x
- XCRO v.5.x
If the Kubernetes API has not been exposed outside of the cluster, or the Kubernetes environment sits in an on-prem / air gapped environment, the probability of having been attacked is significantly lesser. However it is highly recommended to upgrade your Kubernetes platform to the latest patch that has been released immediately.
Please contact firstname.lastname@example.org for any further assistance or details on this security alert.