Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
Published Jun 30 2022 2:57 PM
We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators.
New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
Published Jun 30 2022 2:51 PM
A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.
24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far
Published Jun 17 2022 4:05 PM
In a sad statement about the times, over 24 billion username and password combinations are currently listed on the Dark Web. Since there are about 6 billion people on the planet, that equates to 4 sets for each person.
Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys
Published Jun 17 2022 3:58 PM
For now this is only being used for cryptojacking, using other people’s computing power to mine for cryptocurrency. While certainly not the most harmful of cybercrime, the method used to gain access and spread is new and may be used for other purposes in the future.
A positive step in the fight against ransomware is the recently announced collaboration between the USA Department of Justice and the EU based Eurojust. The two groups are working on legal and law enforcement focused approaches.