Security
Headlines
HeadlinesLatestCVEs

Tag

#aws

New Webinar: 5 Must-Know Trends Impacting AppSec

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other

The Hacker News
Open in Source
#vulnerability#web#google#microsoft#amazon#aws#zero_day#The Hacker News
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and

What the Bionic Acquisition Can Bring to CrowdStrike

CrowdStrike is moving deeper into application security with its agreement to acquire Bionic, provider of ASPM technology that proactively scans software in production for vulnerabilities.

CVE-2022-34834: AgileReporter | Regulatory Reporting Solution by VERMEG

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

CVE-2023-45499: CVE-2023-45498: RCE in VinChin Backup

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

Protecting your intellectual property and AI models using Confidential Containers

Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today's business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures. Confidential computing is one of these technologies, using hardware-based trusted execution environments (TEEs) to create enclaves with strengthened security postures. These enclaves help protect sensitive data and computations from unauthorized access, even by pr

CVE-2023-23767: Release notes - GitHub Enterprise Server 3.9 Docs

Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.