Musk promises purge after Grok Build caught sending entire repos to the cloud
Researcher confirms the uploads have stopped, but says xAI's privacy command was not what fixed them
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researcher confirms the uploads have stopped, but says xAI's privacy command was not what fixed them
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]
Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.…
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.
Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers FoundExploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle's console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability.
Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra IDA flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.
Blackpoint Cyber's Manoj Srivastava on Orchestration, Context and Unified CybersecurityThe traditional notion of a fixed security perimeter has become obsolete, and the threat surface has expanded significantly due to remote work, cloud adoption, IoT devices and third-party vendor integrations, said Manoj Srivastava, chief technology and product officer at Blackpoint Cyber.
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code
Attacker With Project Access Could Have Retrieved Private Images, Researchers SaidGoogle has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.
Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…
Remember Bucket Monopoly? Yeah, it gets worse Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user's account completely.…
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. [...]
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code
Datadog security researchers found the flaw before miscreants did Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …
Newly disclosed RCE flaw in Cosmos DB's Jupyter Notebook feature highlights some of the weaknesses that can arise from emerging tech in the cloud-native and machine learning worlds.
Three vulnerabilities in one line of code AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…
Microsoft has fixed a known issue that was causing Office applications like Word and Excel to crash when working with cloud documents. [...]
Redmond kicks off Patch Tuesday with a months-old flaw fix Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.…