AWS VDP: AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints

A vulnerability was discovered in the AWS Auto Scaling service, where 6 API endpoints incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail logs. This allowed the adversary to perform API calls using these endpoints and evade the logging of their IP address a...

EUVD-2016-0358

Malware in sbrugna...

MAL-2024-6729 Malicious code in auto-scaling_methods (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in auto-scaling_methods (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Knative Serving Security Vulnerability

Knative Serving is a Kubernetes-based build from Knative that supports the deployment and servicing of applications and features as serverless containers. A security vulnerability exists in Knative Serving that stems from a memory allocation error, which could lead to a denial of service by an...

Cybercriminals Target Alibaba Cloud for Cryptomining, Malware

Cybercriminals are targeting Alibaba Elastic Computing Service ECS instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted. Register now for our LIVE event!...

Security Bulletin: SSL certificate validation disabled through a vulnerability in the Auto-Scaling for Bluemix service agent (CVE-2016-0323)

Summary Liberty for Java applications bound to the Auto-Scaling for Bluemix service have SSL certificate validation disabled through a vulnerability in the agent for the service. The default SSL connection factory for https requests is set to bypass all trust management in this vulnerability...

Design/Logic Flaw

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors...

CVE-2016-0323

The CVE-2016-0323 issue affects Liberty for Java running in IBM Bluemix when bound to the Auto-Scaling for Bluemix service, specifically versions prior to 2.7-20160321-1358. The Auto-Scaling agent can disable SSL certificate validation, bypassing the HTTPS trust-management feature. The IBM Bluemi...

CVE-2016-0323

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors...

Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory

Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

Moderate: Red Hat Security Advisory: openstack-heat security, bug fix, and enhancement update

Updated openstack-heat packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...