Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

/* * This file is part of the Symfony package. * * (c) Fabien Potencier * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\String; if (!\function_exists(u::class)) { function u(?string $string = ''): UnicodeString { return new UnicodeString($string ?? ''); } } if (!\function_exists(b::class)) { function b(?string $string = ''): ByteString { return new ByteString($string ?? ''); } } if (!\function_exists(s::class)) { /** * @return UnicodeString|ByteString */ function s(?string $string = ''): AbstractString { $string = $string ?? ''; return preg_match('//u', $string) ? new UnicodeString($string) : new ByteString($string); } } Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks – OWASP Jakarta

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Styra’s Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
“Since these are hardened languages with limited capabilities, they’re supposed to be more

[ad_2]

2024-11-25 11:24:00

Categories: News

Tags: attacksBlindcloudCybersecurityExposeIaCPaCPlatformsSpotsTools

0 Comments

Leave a Reply Cancel reply

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection