299 matches found
(Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runactionbatch endpoint of the cloud infrastructure. The issue...
SkyScraper Security Vulnerability
SkyScraper is an AWS infrastructure and management resources and costs GUI dashboard from Open Source Labs. SkyScraper has a security vulnerability that stems from allowing the use of insecure HTTP requests...
Wiz becomes the first CNAPP to provide DSPM capabilities for Oracle Cloud Infrastructure
Oracle Cloud Infrastructure customers can now effectively protect their sensitive data with Wiz’s Data Security Posture Management DSPM capabilities...
Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec
Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures TTPs of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National...
CloudRecon - Finding assets from certificates
CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...
A Bootiful Podcast: Cloud Native Whitney Lee
Hi, Spring fans! In this installment, I talk to legendary Cloud Native Whitney Lee about cloud infrastructure, that one trick every dev must know, her new operations-centric gameshow, and more. Happy holidays to y'all!...
The Shift to Distributed Cloud: The Next Era of Cloud Infrastructure
...
Wiz recognized by Frost and Sullivan as a leading Cloud Native Application Protection Platform for 2023
Learn why Frost & Sullivan's Frost Radar Report describes the Wiz platform "as one of the market’s most powerful cloud infrastructure security platforms."...
New Webinar: 5 Must-Know Trends Impacting AppSec
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads wh...
Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?
In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...
Customer data stolen from gaming cloud host Shadow
Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, T...
PenTales: What It’s Like on the Red Team
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...
CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...
What is Data Security Posture Management (DSPM)?
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for...
How to Leverage AWS Performance Efficiency Pillar
Explore the Performance Efficiency pillar of the AWS Well-Architected Framework and discover how to create performance efficiency in the compute, storage, database, and network elements of cloud infrastructures...
GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...
CVE-2023-37948
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...
Jenkins Plugin Oracle Cloud Infrastructure Compute 输入验证错误漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Oracle Clo...