Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks,
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
« Since these are hardened languages with limited capabilities, they’re supposed to be more secure than
« Since these are hardened languages with limited capabilities, they’re supposed to be more secure than
,
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
« Since these are hardened languages with limited capabilities, they’re supposed to be more secure than
« Since these are hardened languages with limited capabilities, they’re supposed to be more secure than
, ,
https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html