51 matches found
USN-7387-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Bitcoin’s Prospects in 2025: Exploring Opportunities and Mitigate Risks
Explore Bitcoin's 2025 prospects, market trends, mining, and secure methods like cloud platforms. Learn strategies to manage risks…...
CVE-2024-9624
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...
Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However,...
cyber-range-scenarios
This repository is an offensive tool for cloud-based cyber ranges, specifically for training scenarios. It contains a collection of scripts and configurations for simulating various cyber attacks and vulnerabilities, including Shell Shock and libfutex privilege escalation. The repository uses...
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of...
The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Not Every Cloud Is Meant for Every Workload
Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers’ output...
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
CVE-2022-22306
An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...
PurplePanda - Identify Privilege Escalation Paths Within And Across Different Clouds
This tool fetches resources from different cloud/saas applications focusing on permissions in order to identifyprivilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privilegesescalation paths within a platform and across...
CVE-2022-21215
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...
4 Cloud Data Security Best Practices All Businesses Should Follow Today
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're...
Microsoft Disrupts Large, Cloud-Based BEC Campaign
Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...
Smart lighting security
Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...
Emerging Edge Computing Use Cases
The first rule of edge compute thought leadership is: don't overuse the term edge. Over the course of my blog series on the topic, I have defined the edge, explained edge computing, and discussed the economics of edge computing. There have also been a few articles in which I've discussed how...
USN-4689-2: Linux kernel vulnerabilities
USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed...