Security News > 2024 > November > Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
2024-11-25 11:24
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data. "Since these are hardened languages with limited capabilities, they're supposed to be more secure than
News URL
https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html
Related news
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03) (source)
- IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10) (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17) (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24) (source)
- Hottest cybersecurity open-source tools of the month: November 2024 (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1) (source)
- ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8) (source)