Tag
#aws
Today, ensuring the security and integrity of your software supply chain is more critical than ever. Red Hat Advanced Cluster Security for Kubernetes is focused on providing users the tools to tackle the greatest security challenges. One essential tool in this effort is the software bill of materials (SBOM), which provides a comprehensive list of all components and libraries used within a software product. With the growing importance of SBOMs for supply chain security—especially in light of the NIST Executive Order—Red Hat Advanced Cluster Security 4.7 introduces new features for generating
$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade.
A shocking amount of iOS apps in Apple's App Store contained hard-coded secrets. Secrets that could lead criminals to user data.
## Description

The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity (XXE) injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML data for bucket tagging operations, the application allows the definition and resolution of external entities. This vulnerability allows an attacker to read arbitrary files from the server's filesystem by defining an external entity that references local files. The vulnerability is particularly severe because it allows direct access to sensitive files on the server's filesystem, bypassing any intended access controls. The XXE vulnerability can be exploited to read any file that the application process has access to, potentially exposing sensitive configuration files, credentials, or other confidential information.

## Steps to Reproduce

1. Create a bucket in the LocalS3 service using any S3...
Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm…
Unit 42 uncovers JavaGhost’s evolving AWS attacks. Learn how this threat actor uses phishing, IAM abuse, and advanced…
Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to
Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic
A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6…
FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.