Dependency Confusion Could Have Led to RCE in Google Cloud Platform

September 17, 2024 at 09:15AM Tenable revealed details of the CloudImposer attack method, which could have led to remote code execution on Google Cloud Platform (GCP). The attack exploited a Python argument to carry out a dependency confusion attack. After reporting the vulnerability, Google promptly patched the RCE bug and updated its documentation to mitigate … Read more

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

August 9, 2024 at 06:39PM Cloud security researchers discovered critical flaws in Amazon Web Services (AWS) that could lead to remote code execution, user takeover, data exposure, and denial of service. The “Bucket Monopoly” issue allows attackers to create covert access to S3 buckets, potentially enabling data theft, privilege escalation, and malicious code execution. AWS … Read more

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

August 9, 2024 at 02:51PM Microsoft disclosed medium-severity security flaws in OpenVPN, enabling attackers to achieve remote code execution and local privilege escalation. The vulnerabilities, affecting versions prior to 2.6.10 and 2.5.10, can lead to data breaches and system compromise. Exploitation requires user authentication and advanced understanding of OpenVPN’s inner workings. Vulnerabilities can be exploited … Read more

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds

August 8, 2024 at 11:00AM AppOmni analyzed 230 billion SaaS audit log events, finding that most SaaS security incidents involve simple smash and grab incursions, with attackers using legitimate credentials for entry. The use of MITRE ATT&CK kill chain is minimal. AppOmni recommends implementing a full zero trust policy with effective MFA to prevent attacker … Read more

Swipe Right for Data Leaks: Dating Apps Expose Location, More

July 22, 2024 at 03:14PM Security researchers from Belgium found that numerous dating apps may compromise users’ privacy by leaking sensitive data and even their exact location. All 15 apps analyzed had vulnerabilities that could be exploited to obtain sensitive user information. Additionally, trilateration techniques were used to pinpoint users’ precise locations, posing potential physical … Read more

Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target

July 22, 2024 at 12:52PM Experts are concerned about the potential of quantum computing systems to break classic RSA encryption. Researchers will discuss the risks and implications of quantum vulnerability at Black Hat USA 2024. They found vulnerabilities in quantum computing platforms and emphasize the need for error correction as quantum computers grow in capacity. … Read more

New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity

June 24, 2024 at 12:25PM Researchers from Graz University of Technology have discovered a new method, SnailLoad, which enables remote attackers to infer websites and content viewed by a user without direct access to their network traffic. The attack is efficient and does not require a person-in-the-middle position or code execution on the victim’s system. … Read more