Tom Forbes recently published an interesting article detailing how a strange pull request on his pypi-data project led him to discover a publicly available release file that contained a hard coded AWS access key and an AWS secret key. This key was still active and allowed Tom access to an AWS bucket containing clinical data … Read More “InfoSys LEAKS FullAdminAccess AWS KEYS ON PyPi FOR OVER A YEAR” »
Category: Cloud
AWS released several hot patches to mitigate vulnerability to log4shell. Unfortunately Unit 42 at Palo Alto identified several severe vulnerabilities with their fixes, including container escape which is pretty much the holy grail of a cloud vulnerability. If you are not familiar, cloud infrastructure works by having a lot of hardware that is effectively “shared” … Read More “AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION” »
Office 365 has been steadily growing for many years to the point where it currently has over 200 million users. Many large and small organizations are increasingly taking advantage of cloud based services and infrastructure to reduce costs and increase availability to their users. So, when there is security issue with a major cloud based … Read More “REMOTE CODE EXECUTION in Office 365” »