VMware Aria Operations Bug Exploited, Cloud Resources at Risk
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.
A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.
"Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug.
The four security vulnerabilities are found in Docker and beyond, and one affecting runC affects essentially every cloud-native developer worldwide.
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
Cybercriminal groups are targeting misconfigured Docker and Kubernetes clusters — or just automating the sign-up process for free trial accounts — to build infrastructure for cryptomining.
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.