Security
Headlines
HeadlinesLatestCVEs

Tag

#aws

Why Attackers Target GitHub, and How You Can Secure It

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.

DARKReading
Open in Source
#vulnerability#web#mac#google#microsoft#linux#git#intel#aws#auth#ssh
GHSA-f5h9-qx38-2hgp: AWS SDK is vulnerable to server-side request forgery (SSRF)

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 can address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

CVE-2022-4725: Release AWS SDK for Android 2.59.1 · aws-amplify/aws-sdk-android

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Internet AppSec Remains Abysmal & Requires Sustained Action in 2023

A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree.

Security Is a Second-Class Citizen in High-Performance Computing

Vendors and operators attempt to balance power and security, but right now, power is the highest goal.

Google WordPress Plug-in Bug Allows AWS Metadata Theft

A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.

Best Practices for Securing and Governing Your Multicloud Deployment

Organizations can start by integrating functions like detection, prioritization, and remediation on to a single platform.

CVE-2022-44643: Downloads | Grafana Enterprise Metrics documentation

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Threat actors can take over victims' cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.