An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment.

  • EmperorHenry@infosec.pub
    link
    fedilink
    English
    arrow-up
    2
    ·
    6 months ago

    it should be mandatory for all cloud storage stuff to be E2EE, preferably with quantum-resistant encryption.

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    However, Tenable noted, developing such an exploit would require a good deal of effort, being customized to the target’s particular operating system and architecture.

    Technically, this statement isn’t wrong, but if it’s meant as anything other than some friendly reassurance so that people can relax as they patch, then I have bad news for the writer about how memory corruption bugs operate