AWS unveils new chaos engineering tool: Fault Injection Simulator

Source:-https://sdtimes.com AWS is enabling teams to address application weaknesses with the introduction of the AWS Fault Injection Simulator at is virtual AWS re:Invent 2020 conference this week. The simulator is a chaos engineering tool expected to be generally available in 2021. According to the company, the new offering will come packed with pre-built templates for creating the desired disruptions whether that’s for server latency or database errors. It also contains controls and guardrails such as automatically rolling back or stopping

GitHub Actions platform vulnerable to code injection attacks – research

Source:-https://portswigger.net A design flaw in Actions, GitHub’s workflow management platform, can give hackers write access to repositories and reveal encrypted secrets, Google Project Zero researcher Felix Wilhelm has reported. An attacker can exploit set-env, one of the commands supported by GitHub Actions, to dump NodeJS commands to the shell output, which are then processed and run by Actions’ runner process. “As the runner process parses every line printed to STDOUT looking for workflow commands, every GitHub action that prints untrusted