#aws

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Summary Cybersecurity researchers have identified a large-scale hacking operation linked to notorious ShinyHunters and Nemesis hacking groups. In…

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.

We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.

The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ruijie Equipment: Reyee OS Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak Credentials, Improper Neutralization of Wildcards or Matching Symbols, Improper Handling of Insufficient Permissions or Privileges, Server-Side Request Forgery (SSRF), Use of Inherently Dangerous Function, Resource Leak 2. RISK EVALUATION Successful exploitation of this vulnerabilities could allow attackers to take near full control over the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Ruijie product is affected: Reyee OS: Versions 2.206.x up to but not including 2.320.x 3.2 Vulnerability Overview 3.2.1 Weak Password Recovery Mechanism for Forgotten Password CWE-640 Ruijie Reyee OS version...

Tel Aviv, ISRAEL, 2nd December 2024, CyberNewsWire

Tel Aviv, ISRAEL, 2nd December 2024, CyberNewsWire

AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types of security threats.