#aws

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.

A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers.

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools.

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.

### Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. ### Impact A SQL injection is possible in the Amazon Redshift Python Connector, version 2.1.4, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift Python Connector version 2.1.4. ### Patches The issue described above has been addressed in the Amazon Redshift Python Connector, version 2.1.5. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these input...

### Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. ### Impact A SQL injection is possible in the Amazon Redshift JDBC Driver, version 2.1.0.31, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift JDBC Driver version 2.1.0.31. ### Patches The issue described above has been addressed in the Amazon Redshift JDBC Driver, version 2.1.0.32. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these inputs and then ex...

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

The software development industry is expanding tremendously. It drives up the need for technical people and new solutions.…