Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
25 November 2024
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
"Since these are hardened languages with limited capabilities, they're supposed to be more secure than