Should this issue be handled by CloudFormation automatically behind the scenes? I added a customer managed prefix list to a security group and then I started getting this error message: CloudFormation cannot update a stack when a custom-named resource requires replacing This is a very strange error message to me. What exactly is a custom-named resource? I […]
Cyber News, Cyber Threat TrendsThe out-of-bounds write issue in the kernel could be exploited to execute arbitrary code
Cyber News, Cyber Threat Trends
The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its […]
Cyber News, Cyber Threat Trends
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on […]
Cyber News, Cyber Threat TrendsThe operators could make over $3m if they decide to sell the card dumps on underground forums
Cyber News, Cyber Threat Trends
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows “any domain user to remotely
Cyber News, Cyber Threat Trends
91. Granting AWS Console access for Secrets Manager Secrets to address IAM Policy Limitations This is a continuation of my series on Automating Cybersecurity Metrics. If you recall from a prior post we had some complications when trying to protect a user-specific secret due to the way AWS policies work. We couldn’t fully achieve our […]
Cyber News, Cyber Threat Trends
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant […]
Cyber News, Cyber Threat Trends
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but […]
Cyber News, Cyber Threat Trends