Summary

Total Articles Found: 11

Top Articles:

  • Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
  • Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
  • Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens
  • PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
  • CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball
  • Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft
  • Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
  • Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk
  • Newly ID'ed Chinese APT Hides Backdoor in Software Updates
  • Is CISA's Secure by Design Pledge Toothless?

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft

Published: 2024-06-18 20:23:24

Popularity: 32

Author: Nate Nelson, Contributing Writer

🤖: "VMware hacked"

A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.


Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk

Published: 2024-03-21 17:13:23

Popularity: 13

Author: Nate Nelson, Contributing Writer

A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of the top cloud services.


Newly ID'ed Chinese APT Hides Backdoor in Software Updates

Published: 2024-01-26 21:00:00

Popularity: 9

Author: Nate Nelson, Contributing Writer

The threat actor went more than half a decade before being discovered — thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.


PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Published: 2023-05-22 20:52:00

Popularity: 45

Author: Nate Nelson, Contributing Writer, Dark Reading

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.


Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

Published: 2024-05-17 12:00:00

Popularity: 63

Author: Nate Nelson, Contributing Writer

A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.


Is CISA's Secure by Design Pledge Toothless?

Published: 2024-05-10 18:21:29

Popularity: 9

Author: Nate Nelson, Contributing Writer

CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.


Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

Published: 2024-05-20 19:31:25

Popularity: 95

Author: Nate Nelson, Contributing Writer

An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment.


CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball

Published: 2024-07-25 20:51:01

Popularity: 43

Author: Nate Nelson, Contributing Writer

🤖: "Malware Alert"

The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted than the usual activity around national news stories.


Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag

Published: 2024-08-22 19:42:04

Popularity: None

Author: Nate Nelson, Contributing Writer

🤖: "Exploit alert"

A 7-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.


Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

Published: 2024-09-11 13:00:44

Popularity: 62

Author: Nate Nelson, Contributing Writer

🤖: "Eavesdropping in silence"

In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.


Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

Published: 2024-09-17 21:26:38

Popularity: 14

Author: Nate Nelson, Contributing Writer

🤖: "calendar crash"

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.
