Tag

#amazon

Deep Dive: Protecting Against Container Threats in the Cloud

A deep dive into securing containerized environments and understanding how they present unique security challenges.

Threatpost
#vulnerability #web #mac #windows #microsoft #amazon #red_hat #dos #kubernetes #backdoor #botnet #auth #ssh #zero_day #docker
Breast Cancer Charity Exposed Sensitive Images of U.S. Patients

By Waqas. The Ardmore, Pennsylvania-based cancer charity Breastcancer.org suffered a massive data loss impacting thousands of its registered users. The… This is a post from HackRead.com. Read the original post: Breast Cancer Charity Exposed Sensitive Images of U.S. Patients

The top 5 most routinely exploited vulnerabilities of 2021

International cybersecurity authorities have published an overview of the most routinely exploited vulnerabilities of 2021. The post The top 5 most routinely exploited vulnerabilities of 2021 appeared first on Malwarebytes Labs.

Doppler Takes on Secrets Management

The startup is the latest company to try to solve the problem of organizing and sharing secrets.

The Ins and Outs of Secure Infrastructure as Code

The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture.

Firms Push for CVE-Like Cloud Bug System

Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.

CVE-2021-45841: How to summon RCEs

In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to log in as guest.

CVE-2021-45842: How to summon RCEs

It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.

Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug

The "hotpatch" released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution," Palo Alto Networks Unit 42 researcher Yuval

TeamTNT targeting AWS, Alibaba

By Darin Smith. TeamTNT is actively modifying its scripts after they were made public by security researchers. These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances. The group's payloads include credential stealers,...