1198 matches found
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service DNSaaS providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic...
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...
GDir-Thief - Red Team Tool For Exfiltrating The Target Organization'S Google People Directory That You Have Access To, Via Google's API
Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API. HOW TO Create a new Google Cloud Platform GCP project Steps to get the Google API Access Token needed for connecting to the API 1. Create a burner gmail/google accoun...
Google Cloud Platform Settings
Binary data gcpsettings.nbin...
Google Cloud Platform Compliance Checks
Binary data gcpcompliancecheck.nbin...
USN-4946-1: Linux kernel vulnerabilities
It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-20292 Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan ...
How to Configure Connections Required for Veeam Backup for Google Cloud in Highly Secured Environments
If your backup appliance is deployed in a highly secured environment with all outbound connections restricted, you must perform the following configuration steps to make Veeam Backup for Google Cloud function properly: 1. Allow internet access to the following Google Cloud APIs: Compute Engine AP...
CVE-2021-22547
In IoT Devices SDK, there is an implementation of calloc that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading th...
Buffer overflow
In IoT Devices SDK, there is an implementation of calloc that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading th...
CVE-2021-22547 Buffer overrun in Google Cloud IoT Device SDK for Embedded C
In IoT Devices SDK, there is an implementation of calloc that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading th...
CVE-2021-22547
CVE-2021-22547 affects the Google Cloud IoT Device SDK for Embedded C (IoT Devices SDK). The root cause is a calloc() implementation without a length check, which can allow an attacker to provide memory objects larger than the buffer and wrap around to create a smaller buffer, enabling access to ...
iot-device-sdk-embedded-c 安全漏洞
iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...
HashiCorp Terraform 安全漏洞
Hashicorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Terraform versions prior to 2.19.1 that stems from a failure to properly configure the GCE type binding tag for Vault's GCP...
Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth
Summary Terraform’s Vault Provider terraform-provider-vault did not correctly configure GCE-type bound labels for Vault’s GCP auth method. This vulnerability, CVE-2021-30476, was fixed in terraform-provider-vault 2.19.1. Background Terraform’s Vault Provider...
Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
An open source serveo/ngrok alternative. Deploy Builds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds are tagged using a commit sha, branch name, tag, latest if released on main. You can find a list here. Each release builds separate sish binaries that can ...
USN-4916-1: Linux kernel vulnerabilities
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Piotr Krysiuk discovered that the BPF JIT...
USN-4887-1: Linux kernel vulnerabilities
De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information kernel memory or possibly execute arbitrary code...
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests ...
USN-4751-1: Linux kernel vulnerabilities
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...
Monitor Google Cloud Platform (GCP) Data With InsightIDR
InsightIDR was built in the cloud to support dynamic and rapidly changing environments—including remote workers, hybrid cloud and on-premises architectures, and fully cloud environments. Today, more and more organizations are adopting multi-cloud or hybrid environments, creating increasingly more...