Stealing AWS Keys

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers Nov 07, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services Read more…

DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, Read more…

New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data

New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data

New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Read more…

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent Read more…