Security News > 2022 > November

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Phishing, educating your employees, and creating a cyber awareness culture? These are topics we're sensitive to and well-versed in. We've repeatedly seen that ad hoc, scattershot employee training attempts don't work.

Confidential computing aims to protect data while it's in transit, in use and at rest, combating attackers who use memory scraping to infiltrate data in use. Confidential computing has several applications within the healthcare field.

Over a dozen security flaws have been discovered in baseboard management controller firmware from Lanner that could expose operational technology and internet of things networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip, that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.

In this interview for Help Net Security, Mark Ruchie, CISO at Entrust, talks about cloud security and how zero trust should be implemented to guarantee overall cloud protection. Generally speaking, the best way for an organization to approach zero trust is for security teams to take the mindset that the network is already compromised and develop security protocols from there.

In this Help Net Security video, Alex Paquette, COO at Ironscales, discusses the impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of phishing attacks. A recent study conducted by Osterman Research found that IT and security teams spend one-third of their time handling phishing threats every week.

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "Everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.