Lucene search
+L

299 matches found

Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.27 views

(Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runactionbatch endpoint of the cloud infrastructure. The issue...

7.5CVSS7.2AI score0.01186EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.6 views

SkyScraper Security Vulnerability

SkyScraper is an AWS infrastructure and management resources and costs GUI dashboard from Open Source Labs. SkyScraper has a security vulnerability that stems from allowing the use of insecure HTTP requests...

7.5CVSS6.9AI score0.00168EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2024/03/14 2:39 p.m.25 views

Wiz becomes the first CNAPP to provide DSPM capabilities for Oracle Cloud Infrastructure

Oracle Cloud Infrastructure customers can now effectively protect their sensitive data with Wiz’s Data Security Posture Management DSPM capabilities...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/03/07 6:4 p.m.6 views

Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec

Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...

7.2AI score
Exploits0
ICS
ICS
added 2024/02/26 12:0 p.m.47 views

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures TTPs of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National...

7.6AI score
Exploits0References40
Kitploit
Kitploit
added 2024/01/16 11:30 a.m.31 views

CloudRecon - Finding assets from certificates

CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...

7AI score
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2023/12/22 12:0 a.m.8 views

A Bootiful Podcast: Cloud Native Whitney Lee

Hi, Spring fans! In this installment, I talk to legendary Cloud Native Whitney Lee about cloud infrastructure, that one trick every dev must know, her new operations-centric gameshow, and more. Happy holidays to y'all!...

7.1AI score
Exploits0
Akamai Blog
Akamai Blog
added 2023/12/18 2:0 p.m.9 views

The Shift to Distributed Cloud: The Next Era of Cloud Infrastructure

...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2023/12/05 5:50 p.m.11 views

Wiz recognized by Frost and Sullivan as a leading Cloud Native Application Protection Platform for 2023

Learn why Frost & Sullivan's Frost Radar Report describes the Wiz platform "as one of the market’s most powerful cloud infrastructure security platforms."...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/30 12:9 p.m.42 views

New Webinar: 5 Must-Know Trends Impacting AppSec

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads wh...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/17 9:9 p.m.38 views

Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?

In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...

7.5CVSS6.9AI score0.99571EPSS
Exploits27
Malwarebytes
Malwarebytes
added 2023/10/16 1:0 a.m.14 views

Customer data stolen from gaming cloud host Shadow

Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, T...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/31 1:16 p.m.13 views

PenTales: What It’s Like on the Red Team

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...

7.7AI score
Exploits0
OSV
OSV
added 2023/08/07 7:35 p.m.36 views

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

5.5CVSS7.4AI score0.00312EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2023/08/01 10:15 a.m.39 views

What is Data Security Posture Management (DSPM)?

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/07/25 12:0 a.m.11 views

How to Leverage AWS Performance Efficiency Pillar

Explore the Performance Efficiency pillar of the AWS Well-Architected Framework and discover how to create performance efficiency in the compute, storage, database, and network elements of cloud infrastructures...

7AI score
Exploits0
OSV
OSV
added 2023/07/12 6:30 p.m.17 views

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

4.8CVSS3.9AI score0.00499EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.29 views

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

3.7CVSS6.4AI score0.00499EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/12 4:15 p.m.4 views

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

3.7CVSS5.8AI score0.00499EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.6 views

Jenkins Plugin Oracle Cloud Infrastructure Compute 输入验证错误漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Oracle Clo...

3.7CVSS5.1AI score0.00499EPSS
Exploits0References3
Rows per page
Query Builder