🐛 COMMON VULNERABILITIES AND EXPOSURES
16 Jun: A vulnerability in MOVEit Transfer Could Allow for Elevated Privileges and Unauthorized Access
A vulnerability has been discovered in Progress MOVEit Transfer, which could allow for elevated privileges and unauthorized access. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners …
CISECURITY.ORG
⚠️ VULNERABILITY DISCLOSURE
16 Jun: Bringing Transparency to Confidential Computing with SLSA
Asra Ali, Razieh Behjati, Tiziano Santoro, Software Engineers
Every day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential atta…
SECURITY.GOOGLEBLOG.COM
🔥 INCIDENT REPORTING
16 Jun: Cyber Security Today, Week in Review for Friday, June 16, 2023
This episode features a discussion on paying ransomware demands, a crimeware gang whose targets include small and medium businesses and why some developers are less than careful with their API keys.
CYBERSECURITYTODAY.LIBSYN.COM

16 Jun: Toyota admits to yet another cloud leak
submitted by 0xCBE to cloudsecurity, 10 points | 2 comments
https://www.theregister.com/2023/06/05/security_in_brief/
"Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toy…
THEREGISTER.COM
🕵️ THREAT INTELLIGENCE
16 Jun: Cyber Security Today, June 16, 2023 - Beware of fake profiles on GitHub, and are you an optimist or pessimist CISO?
This episode reports on GitHub being abused by a threat actor, surveys of infosec pros and more
CYBERSECURITYTODAY.LIBSYN.COM

16 Jun: Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft t…
MSRC.MICROSOFT.COM

16 Jun: Writeup: AWS API Gateway header smuggling and cache confusion
submitted by Captain to cloudsecurity, 5 points | 0 comments
https://securityblog.omegapoint.se/en/writeup-apigw/
“This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system”
Official announcement from AWS: aws.amazon.com/…
SECURITYBLOG.OMEGAPOINT.SE

16 Jun: GCP Pentesting Guide
submitted by 0xCBE to cloudsecurity, 4 points | 0 comments
https://slashparity.com/?p=938
SLASHPARITY.COM

16 Jun: Exploring Firecracker MicroVMs for Multi-Tenant Dagger CI/CD Pipelines
submitted by 0xCBE to cloudsecurity, 4 points | 0 comments
https://www.felipecruz.es/exploring-firecracker-microvms-for-multi-tenant-dagger-ci-cd-pipelines/
FELIPECRUZ.ES

16 Jun: Securing the EC2 Instance Metadata Service
submitted by 0xCBE to cloudsecurity, 5 points | 0 comments
https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds/
SECURITYLABS.DATADOGHQ.COM
📡 INFOSEC NEWS
16 Jun: Is a RAT stealing your files? – Week in security with Tony Anscombe
Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?
WELIVESECURITY.COM

16 Jun: Stop Cyberbullying Day: Prevention is everyone's responsibility
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves
WELIVESECURITY.COM

16 Jun: Sensor Intel Series: Top CVEs in May 2023
Relative stability in attacker activity this past month serves to highlight the ongoing importance of Exchange Server vulnerabilities and poorly-secured IoT devices to attackers.
F5.COM