Microsoft has patched what researchers called a “dangerous” flaw in its Azure Service Fabric component of the company’s cloud-hosting infrastructure. If exploited, it would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform. Researchers from Orca Security discovered the cross-site scripting (XSS) flaw — which they dubbed Super…

While Zero Trust is a term that is often misunderstood as well as misused, it is an approach that has real value in helping to reduce systematic cyber risk and improve resiliency. Organizations of all sizes understand that they require a resilient cybersecurity strategy that can support and enable the business even during a crisis,…

Twitter’s new policies surrounding its application programming interface (API) have just gone into effect — and they will have broad implications for social media bots, both good (RSS integrations, say) and evil (political influencer campaigns), researchers note. On Feb. 2, the Twitter dev team announced that the site would no longer provide free access to…

Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub’s servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way. “If the application…

More information has become available on “PurpleUrchin,” a malicious campaign in which a threat group called Automated Libra is using DevOps and continuous integration/continuous deployment (CI/CD) practices to mine cryptocurrency on cloud platforms using free trial accounts. The campaign began in August 2019 and has mainly targeted platforms such as GitHub, Heroku, and ToggleBox. Security…

F5 launches F5 Distributed Cloud App Infrastructure Protection (AIP), a cloud workload protection solution that expands application observability and protection to cloud-native infrastructures. Powered by technology acquired with Threat Stack, AIP is the newest addition to the F5 Distributed Cloud Services portfolio of cloud-native SaaS-based application security and delivery services. Organizations of all sizes across…

Take a moment to consider how frequently you authenticate your identity online: checking your email, logging in to your bank account, accessing cloud-based productivity tools, booking a flight, paying your taxes. We confirm our identities so many times every day that things like providing personally identifiable information and confirming a login attempt through our smartphones…

Go, or Golang, is an open source programming language designed for building reliable and efficient software at scale. Supported by Google, Go is leveraged by some of the world’s largest companies and it’s often used to develop cloud-native apps, including for Kubernetes. Oxeye researchers have conducted an analysis of Go-based cloud-native applications and discovered an…