Cybersecurity - The Stack (Page 20)

This critical Microsoft Word RCE exploit requires just a few lines of code: We need more CHERI

POC lands for CVSS 9.8 Word bug CVE-2023-21716

The Stack March 08, 2023

US agencies warn over "Royal" ransomware rise

US agencies warn over "Royal" ransomware rise

Phishing is key threat vector and a Blue Team bête noire...

The Stack March 07, 2023

Novel cloud attack pivoted from K8s to Lambda, pulled IAM keys from Terraform

Novel cloud attack pivoted from K8s to Lambda, pulled IAM keys from Terraform

A recent attack tracked by researchers at cloud security company Sysdig saw the attackers use an exposed Kubernetes container to move laterally to the victim’s AWS account – gaining initial access by exploiting a public-facing service in a self-managed Kubernetes cluster hosted inside an AWS cloud account. The company'...

The Stack March 01, 2023

Server backup vulnerability piggybacked to live systems

Server backup vulnerability piggybacked to live systems

Open source bug leads to server backup bug leads to... crime.

Edward Targett February 28, 2023

New LastPass breach post-mortem raises questions

New LastPass breach post-mortem raises questions

Attackers targeted DevOps engineers' home devices...

The Stack February 28, 2023

Pentagon CIOs slapped over cloud security by auditors days before 3TB of emails exposed

Department of Defense

Pentagon CIOs slapped over cloud security by auditors days before 3TB of emails exposed

Days before the exposure this week of over three terabytes of military emails owing to misconfigured Azure services, the US Department of Defense (DoD)’s Inspector General had warned Pentagon CIOs that their teams were not properly reviewing documentation designed to ensure military cloud security – and running systems with unmitigated...

Edward Targett February 24, 2023