Security pros warn that a bug in the popular open-source logging and metrics tool could cause denial-of-service attacks and data loss in all the major cloud platforms, including AWS, GCP and Azure.
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities. Salt Security is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address this growing challenge. These innovations empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts.The OAuth Attack LandscapeLet's take a closer look at the types of OAuth attacks these new capabilities will address:Access Token and Authorization Code Theft: Vulnerabilities
New joint research by Wiz and AI-as-a-service provider Hugging Face find that a malicious pickle-serialized model could contain a remote execution payload.
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.