Security
Headlines
HeadlinesLatestCVEs

Tag

#aws

Ubuntu Security Notice USN-6975-1

Ubuntu Security Notice 6975-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Packet Storm
#vulnerability#web#google#microsoft#amazon#ubuntu#linux#oracle#aws#ibm
Ubuntu Security Notice USN-6974-1

Ubuntu Security Notice 6974-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-6973-1

Ubuntu Security Notice 6973-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

An AWS Configuration Issue Could Expose Thousands of Web Apps

Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive

Authentication and Authorization in Red Hat OpenShift and Microservices Architectures

One of the key components of a container-based architecture is security.There are many facets to it (just have a look at the list of topics in the official OpenShift documentation here), but some of the most basic requirements are authentication and authorization. In this article, I explain how authentication and authorization work in Kubernetes and Red Hat OpenShift. I cover interactions between the different layers of a Kubernetes ecosystem, including the infrastructure layer, Kubernetes layer, and the containerized applications layer.What is authentication and authorization?In simple terms,

Deployment considerations for Red Hat OpenShift Confidential Containers solution

Confidential containers are containers deployed within a Trusted Execution Environment (TEE), which allows you to protect your application code and secrets when deployed in untrusted environments. In our previous articles, we introduced the Red Hat OpenShift confidential containers (CoCo) solution and relevant use cases. We demonstrated how components of the CoCo solution, spread across trusted and untrusted environments, including confidential virtual machine (CVM), guest components, TEEs, Confidential compute attestation operator, Trustee agents, and more, work together as part of the soluti

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary