TeamTNT attacks IAM credentials of AWS and Google Cloud

Source: https://www.scmagazine.com/

Researchers reported Friday that TeamTNT is using compromised AWS credentials to attack AWS cloud environments via the cloud platform’s application programming interface. The threat actors are now also targeting the credentials of 16 additional applications, including the AWS apps as well as Google Cloud credentials. The researchers said the threat actors can now

GitHub’s new policies allow removal of PoC exploits used in attacks

Source: https://www.bleepingcomputer.com/

GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service. To give some background behind the new policy changes, security researcher Nguyen Jang uploaded a proof-of-concept exploit (PoC) to GitHub in March for the Microsoft Exchange ProxyLogon vulnerability.

Security issues can go undetected for years before being disclosed: GitHub report

Source: https://www.thehindubusinessline.com

Most vulnerabilities are from mistakes, not malicious attacks

Security vulnerabilities can often go undetected for over four years before they are disclosed, according to the latest 2020 Security report by GitHub. As per the report, vulnerabilities can often not be detected for more than four years. Once they are disclosed, developers may take

GitHub Actions platform vulnerable to code injection attacks – research

Source: https://portswigger.net

A design flaw in Actions, GitHub’s workflow management platform, can give hackers write access to repositories and reveal encrypted secrets, Google Project Zero researcher Felix Wilhelm has reported. An attacker can exploit set-env, one of the commands supported by GitHub Actions, to dump NodeJS commands to the shell output, which are then processed
