August 9, 2024 at 06:39PM Cloud security researchers discovered critical flaws in Amazon Web Services (AWS) that could lead to remote code execution, user takeover, data exposure, and denial of service. The “Bucket Monopoly” issue allows attackers to create covert access to S3 buckets, potentially enabling data theft, privilege escalation, and malicious code execution. AWS … Read more
August 9, 2024 at 02:51PM Microsoft disclosed medium-severity security flaws in OpenVPN, enabling attackers to achieve remote code execution and local privilege escalation. The vulnerabilities, affecting versions prior to 2.6.10 and 2.5.10, can lead to data breaches and system compromise. Exploitation requires user authentication and advanced understanding of OpenVPN’s inner workings. Vulnerabilities can be exploited … Read more
August 8, 2024 at 11:00AM AppOmni analyzed 230 billion SaaS audit log events, finding that most SaaS security incidents involve simple smash and grab incursions, with attackers using legitimate credentials for entry. The use of MITRE ATT&CK kill chain is minimal. AppOmni recommends implementing a full zero trust policy with effective MFA to prevent attacker … Read more
July 22, 2024 at 03:14PM Security researchers from Belgium found that numerous dating apps may compromise users’ privacy by leaking sensitive data and even their exact location. All 15 apps analyzed had vulnerabilities that could be exploited to obtain sensitive user information. Additionally, trilateration techniques were used to pinpoint users’ precise locations, posing potential physical … Read more
July 22, 2024 at 12:52PM Experts are concerned about the potential of quantum computing systems to break classic RSA encryption. Researchers will discuss the risks and implications of quantum vulnerability at Black Hat USA 2024. They found vulnerabilities in quantum computing platforms and emphasize the need for error correction as quantum computers grow in capacity. … Read more
June 24, 2024 at 12:25PM Researchers from Graz University of Technology have discovered a new method, SnailLoad, which enables remote attackers to infer websites and content viewed by a user without direct access to their network traffic. The attack is efficient and does not require a person-in-the-middle position or code execution on the victim’s system. … Read more