299 matches found
CVE-2024-6248
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...
CVE-2024-6248 Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...
CVE-2024-6248 Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...
CVE-2024-6248
CVE-2024-6248 affects Wyze Cam v3 via the cloud infrastructure’s run_action_batch endpoint. The vulnerability results from using the device MAC address as the sole authentication credential, enabling network-adjacent attackers to execute arbitrary code with root context without authentication. Mu...
Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches
Canadian authorities arrest a suspect linked to the Snowflake data breach, exposing vulnerabilities in cloud infrastructure. The breach…...
Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP
The shift of business applications and infrastructure to the cloud has heightened the need for security teams to manage cyber risks comprehensively, ensuring visibility and control across diverse cloud environments. As organizations increasingly adopt multi-cloud environments, they often find...
Addressing Cloud Identity Risks With TotalCloud CIEM
As organizations continue to embrace multi-cloud environments, leveraging platforms such as Amazon Web Services AWS, Microsoft Azure, Google Cloud Platform GCP, and Oracle Cloud Infrastructure OCI, the complexity of cloud security has increased exponentially. In cloud environments, machines are...
[SECURITY] Fedora 40 Update: opentofu-1.8.0-1.fc40
OpenTofu lets you declaratively manage your cloud infrastructure...
Fedora: Security Advisory (FEDORA-2024-35147eb6ad)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-c83208238d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins AuthZ under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating...
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
A Latin America LATAM-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractiv...
CloudSorcerer – A new APT targeting Russian government entities
In May 2024, we discovered a new advanced persistent threat APT targeting Russian government entities that we dubbed CloudSorcerer. Its a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...
Companies Optimize Cloud Costs and Deliver Superior Experiences on Akamai
Learn how Akamai’s customers optimize their cloud computing costs and deliver engaging customer experiences with our open and affordable cloud infrastructure...
Malicious code in OCI.DotNetSDK.Waf.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in OCI.DotNetSDK.Usage.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in OCI.DotNetSDK.Osuborganizationsubscription.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in OCI.DotNetSDK.Osubbillingschedule.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in OCI.DotNetSDK.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in OCI.DotNetSDK.Dashboard.service (NuGet)
--- -= Per source details. Do not edit below this line.=-...