#aws

GeoServer's Server Status page and REST API (at `/geoserver/rest/about/status`) lists *all* environment variables and Java properties to *any* GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens, for example: * Data stores defined with [parameterized catalog settings][catalog] (`-DALLOW_ENV_PARAMETRIZATION=true`) which need a password or access key. * GeoServer's official Docker image [uses environment variables to configure PostgreSQL JNDI resources, including credentials][docker-jndi] (`POSTGRES_HOST`, `POSTGRES_USERNAME`, `POSTGRES_PASSWORD`) Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process, such as: * GeoServer `admin` and master (`root`) passwords * Tomcat management application password * HTTPS/TLS cer...

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we

Plus: A cloud company says notorious Russian hacker group APT29 attacked it, Chinese hackers use ransomware to hide their espionage campaigns, and a bank popular with startups discloses a cyberattack.

AWS hosted a server linked to the Bezos family- and Nvidia-backed search startup that appears to have been used to scrape the sites of major outlets, prompting an inquiry into potential rules violations.

Microsoft last year described the threat actor — known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus — as one of the most dangerous current adversaries.

### Impact When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: - RancherKubernetesEngineConfig - RKENodeConfig - SSH username - SSH private key - SSH private key path - RKEConfigServices - ETCDService - External client key - BackupConfig - S3BackupConfig - AWS access key - AWS secret key - KubeAPIService - SecretsEncryptionConfig - K8s encryption configuration (contains encryption keys) - PrivateRegistries - User - Password - ECRCredentialPlugin - AWS access key - AWS secret key - AWS session token - CloudProvider - AzureCloudProvider - ...

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is

A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted.