44 matches found
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...
Spinnaker 日志信息泄露漏洞
Spinnaker is a continuous delivery platform. It is used to release software changes with high speed and confidence. A log information disclosure vulnerability exists in Spinnaker versions prior to 1.29.2, prior to 1.28.4, and prior to 1.27.3, which stems from not preserving a masked secret...
Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor
A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using...
Malicious Kindle Ebook Let Hackers Take Over Your Amazon Account
If you came across a Kindle e-book download link from any suspicious sources or somewhere other than Amazon itself, check twice before you proceed download. As downloading an eBook could put your personal information at risk. A security researcher has uncovered a security hole in Amazon's Kindle...